Description: A vulnerability has been reported in some CA products, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused by a format string error in the handling of the description field of a scan job. This can be exploited to crash the affected products and may allow arbitrary code execution via a specially crafted scan job description that contains format string specifiers.
Successful exploitation requires that the user is able to create a scan job.
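The bug class described above, shown as an added example that is not CA's code: the unsafe pattern appears only in a comment, next to a hardened formatter and a check that flags descriptions containing conversion specifiers. The struct, the function names and the sample description are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical scan-job record; the field name is an assumption. */
struct scan_job {
    const char *description;   /* user-supplied text */
};

/* UNSAFE pattern (for contrast only, never compiled here):
 *     snprintf(out, outsz, job->description);
 * The description is used as the format string, so any conversion
 * specifiers in it are interpreted instead of being printed.
 */

/* Hardened: the format string is a constant and the description is
 * passed strictly as data, so specifiers in it are copied literally. */
int format_job_line(char *out, size_t outsz, const struct scan_job *job)
{
    return snprintf(out, outsz, "scan job: %s", job->description);
}

/* Detection aid: count conversion specifiers in a stored description,
 * skipping the literal "%%" escape and a lone trailing '%'. A non-zero
 * result on a free-text field is worth reviewing. */
int count_format_specifiers(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent sign */
            s++;
            continue;
        }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample input, not taken from the advisory. */
    struct scan_job job = { "weekly %x%x %n scan 100%%" };
    char line[128];

    format_job_line(line, sizeof line, &job);
    printf("%s\n", line);
    printf("specifiers: %d\n", count_format_specifiers(job.description));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) reports call sites where a non-literal string is passed as the format argument.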
The vulnerability has been reported in the following products:
* CA Integrated Threat Management r8
* eTrust Antivirus r8
* eTrust PestPatrol Anti-Spyware Corporate Edition r8
Solution: The vulnerability has been fixed in Content Update build 432 via the content update mechanism.
Provided and/or discovered by: The vendor credits Deral Heiland.