Description:
Two vulnerabilities have been reported in multiple CA products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
1) An error in the arclib component of the CA Anti-Virus engine can be exploited to corrupt heap memory via a specially crafted RAR archive.
Successful exploitation may allow execution of arbitrary code.
2) An error in the arclib component of the CA Anti-Virus engine can be exploited to corrupt stack memory via a specially crafted RAR archive and cause a crash.
The vulnerabilities are reported in the following products and versions:
* CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1, r8, and r8.1
* CA Anti-Virus 2007 (v8), 2008, and 2009
* CA Anti-Virus Plus 2009
* eTrust EZ Antivirus r7.1
* CA Internet Security Suite 2007 (v3) and 2008
* CA Internet Security Suite Plus 2008 and 2009
* CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 and 8.1
* CA Threat Manager Total Defense
* CA Gateway Security r8.1
* CA Protection Suites r2, r3, and r3.1
* CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1 and 8.0
* CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0, r3.1, r11, and r11.1
* CA ARCserve Backup r11.5 on Windows, r12 on Windows, r12.0 SP1 on Windows, r12.0 SP 2 on Windows, r12.5 on Windows, r11.1 Linux, and r11.5 Linux
* CA ARCserve for Windows Client Agent
* CA ARCserve for Windows Server component
* CA eTrust Intrusion Detection 2.0 SP1, 3.0, and 3.0 SP1
* CA Common Services (CCS) r3.1, r11, and r11.1
* CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)
* CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
