Security hole in online virus scanner from CA allows code execution
The online virus scanner from Computer Associates, eTrust Antivirus WebScan, relies on Active X modules. Programming flaws in these modules could allow attackers to do things such as using specially prepared websites to plant malicious code on computers that have already run an installation of the scanner.
A security advisory from CA warns about the vulnerability without divulging details. The company nevertheless highlighted the importance of the individual flaws: attackers could use weaknesses in older versions of the Active X module to install arbitrary files. Faulty length testing of user input could lead to buffer overflows through which attackers can sneak in and execute malicious code.
The security advisory from CA indicates that versions 22.214.171.1245 and 126.96.36.1997 of eTrust Antivirus WebScan are affected. The online scanner now bears the version number 188.8.131.528; this build no longer contains the error. Affected users should either uninstall the Active X components as described in the advisory or visit the online scanner site to replace the flawed module.
This is not the first issue of its kind as McAfee and Symantec have both been hit by similar problems. That's why heise Security recommends on it's antivirus pages, to use a mature on-demand scanner or a special boot CD instead of online scans based on ActiveX.
- CA eTrust Antivirus WebScan multiple vulnerabilities, Advisory from Computer Associates.
- eTrust Antivirus Web Scanner, Online scanner with updated Active X controls (requires Internet Explorer).