Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > August 2006 > CA Security Advisory: CA eTrust Antivirus WebScan multiple vulnerabilities

August 2006

CA Security Advisory: CA eTrust Antivirus WebScan multiple vulnerabilities

ID: 00538
Ref: 517/2006
Date: 08 August 2006:14:45:17
Version: 1
Title: CA Security Advisory: CA eTrust Antivirus WebScan multiple vulnerabilities
Abstract:
Vendors affected: CA
Operating systems affected: CA
Applications affected: CA
Title
=====

CA Security Advisory: CA eTrust Antivirus WebScan multiple vulnerabilities

Detail
======

Date Discovered: 03 August 2006
Date Published: 03 August 2006
Last Updated: 07 August 2006

Threat Assessment

Overall Risk: Medium
Impact: High
Popularity: Medium
Simplicity: Low

Vulnerability Description

Vulnerability ID: 34509 Discovered By: Matt Murphy
Exploitable Locally: No Exploitable Remotely: Yes
Impact: Remote attackers can gain privileged access or execute arbitrary code.

Root Cause: Software Vulnerability

CA eTrust Antivirus WebScan contains multiple vulnerabilities that can allow remote attackers to gain privileged access or execute arbitrary code. The first vulnerability is due to improper parameter validation. The second vulnerability is due to improper bounds checking in WebScan when processing certain user input. Remote attackers can exploit these vulnerability to gain escalated privileges or execute arbitrary code.


- -------------------------------------------------------------------------------
For: CA eTrust Antivirus WebScan 1.1.0.1045 , CA eTrust Antivirus WebScan 1.1.0.1047

Determining if you are affected:

Browse to the C:\WINDOWS\Downloaded Program Files or C:\WINNT\Downloaded Program Files folder and check the version number of the "WScanCtl Class" object. If the version number is less than 1,1,0,1048, you need to update the ActiveX control.

Another way to determine if you are affected is to Start Internet Explorer, and then select "Tools" > "Internet Options" > "General" tab. On the "General" tab, click on the "Settings" button in the "Temporary Internet Files" section. On the "Settings" dialog window, click on the button labeled "View Objects" and then check the version of the "WScanCtl Class" object. If the version number is less than 1,1,0,1048, you need to update the ActiveX control.

Update to CA eTrust Antivirus WebScan 1.1.0.1048:

Visit

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

and allow Internet Explorer to install the new webscan.cab software. Note that the software is digitally signed by CA.

Workarounds:

Alternatively, you can simply remove an older, vulnerable object by using one of the following methods:

a) Start Internet Explorer, and then select "Tools" > "Internet Options" > "General" tab. On the "General" tab, click on the "Settings" button in the "Temporary Internet Files" section. On the "Settings" dialog window, click on the button labeled "View Objects" and then right-click on the "WScanCtl Class" object and select the "Remove" option.

b) Open an Explorer window and browse to "\downloaded program files". Then right-click on the "WScanCtl Class" object and select the "Remove" option.

Affected Technologies

Computer Associates: CA eTrust Antivirus WebScan 1.1.0.1045
Computer Associates: CA eTrust Antivirus WebScan 1.1.0.1047
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |