The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
CA eTrust Antivirus WebScan Vulnerabilities
------------------------------------------------------------------------
SUMMARY
CA eTrust Antivirus WebScan contains multiple vulnerabilities that can
allow remote attackers to gain privileged access or execute arbitrary
code. The first vulnerability allows attackers to install arbitrary files.
The second vulnerability is due to improper processing of outdated WebScan
components. Finally, the third vulnerability is due to improper bounds
checking when processing certain user input. Remote attackers can exploit
these vulnerabilities to gain escalated privileges or execute arbitrary
code.
DETAILS
Vulnerable Systems:
* CA eTrust Antivirus WebScan version 1.1.0.1045
* CA eTrust Antivirus WebScan version 1.1.0.1047
Determining if you are affected:
Browse to the C:\WINDOWS\Downloaded Program Files or C:\WINNT\Downloaded
Program Files folder and check the version number of the "WScanCtl Class"
object. If the version number is less than 1,1,0,1048, you need to update
the ActiveX control.
Another way to determine if you are affected is to Start Internet
Explorer, and then select "Tools" > "Internet Options" > "General" tab. On
the "General" tab, click on the "Settings" button in the "Temporary
Internet Files" section. On the "Settings" dialog window, click on the
button labeled "View Objects" and then check the version of the "WScanCtl
Class" object. If the version number is less than 1,1,0,1048, you need to
update the ActiveX control.
Update to CA eTrust Antivirus WebScan 1.1.0.1048:
Visit <http://www3.ca.com/securityadvisor/virusinfo/scan.aspx>
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
and allow Internet Explorer to install the new webscan.cab software. Note
that the software is digitally signed by CA.
Workarounds:
Alternatively, you can simply remove an older, vulnerable object by using
one of the following methods:
a) Start Internet Explorer, and then select "Tools" > "Internet Options" >
"General" tab. On the "General" tab, click on the "Settings" button in the
"Temporary Internet Files" section. On the "Settings" dialog window, click
on the button labeled "View Objects" and then right-click on the "WScanCtl
Class" object and select the "Remove" option.
b) Open an Explorer window and browse to "\downloaded program files". Then
right-click on the "WScanCtl Class" object and select the "Remove" option.
ADDITIONAL INFORMATION
The information has been provided by Matt Murphy.
The original article can be found at:
<http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509>
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
