In association with heise online

07 August 2006, 12:58

Security hole in online virus scanner from CA allows code execution

The online virus scanner from Computer Associates, eTrust Antivirus WebScan, relies on ActiveX modules. Programming flaws in these modules could allow attackers to, for example, use specially prepared websites to plant malicious code on computers on which the scanner has already been installed.

A security advisory from CA warns about the vulnerability without divulging details. The company nevertheless highlighted the importance of the individual flaws: attackers could use weaknesses in older versions of the ActiveX module to install arbitrary files. Faulty length checks on user input could lead to buffer overflows through which attackers can sneak in and execute malicious code.

The security advisory from CA indicates that versions 1.1.0.1045 and 1.1.0.1047 of eTrust Antivirus WebScan are affected. The online scanner now bears the version number 1.1.0.1048; this build no longer contains the error. Affected users should either uninstall the ActiveX components as described in the advisory or visit the online scanner site to replace the flawed module.

This is not the first issue of its kind, as McAfee and Symantec have both been hit by similar problems. That is why heise Security recommends on its antivirus pages using a mature on-demand scanner or a special boot CD instead of online scans based on ActiveX.

(ehe)

Permalink: http://h-online.com/-731336