1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: CA eTrust AntiVirus Malicious CAB

Attack: CA eTrust AntiVirus Malicious CAB

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to a buffer overflow attempt while processing specially crafted CAB files in CA eTrust AntiVirus application.

Additional Information

Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability because the scan engine fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Specifically, malicious data designed to leverage the issue can be placed in the 'coffFiles' field in 'CAB' archive files, which will cause stack memory to be overwritten. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.

A successful attack can result in the complete compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.

Affected

  • N/A

Response

Vendor has released an update to resolve this issue. Please visit the vendor's website for further details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube