Several CA products for businesses enable code smuggling
CA has published a security report describing vulnerabilities in its antivirus for Enterprise, Threat Manager and Anti-Spyware. The products were also formerly known as eTrust Antivirus, eTrust Integrated Threat Management and PestPatrol. Attackers might exploit the holes to smuggle in arbitrary program code.
In the console server, which by default listens to the internet on TCP port 12168, an internal buffer overflow can occur as a result of a faulty length check. Attackers can apparently exploit this to inject and execute foreign code with fraudulent login data. A similar vulnerability affects the file InoCore.dll, which local users can exploit to execute arbitrary code.
The vulnerability affects the files InoWeb.exe and InoCore.dll prior to the current version 8.0.448.0. The manufacturer has released updates which should be uploaded by administrators, in case it has not yet been handled by the automatic update.
- security report by CA