| VID |
23147 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The CA Vet Antivirus Engine, according to its version number, has a remote heap overflow vulnerability. Computer Associate's Antivirus products running Vet engine versions prior to 11.9.1 including eTrust Antivirus, InoculateIT, eTrust Secure Content Manager, eTrust Intrusion Detection, Vet Antivirus, and Zonelabs ZoneAlarm Security Suite and ZoneAlarm Antivirus are vulnerable to a heap-based buffer overflow vulnerability in the Vet Antivirus Library. A remote attacker could exploit this vulnerability using a Microsoft Office document to cause a heap overflow and execute arbitrary code on the system.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://securitytracker.com/id?1014050
http://secunia.com/advisories/15470
http://secunia.com/advisories/15479
http://www.rem0te.com/public/images/vet.pdf
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1588
http://marc.theaimsgroup.com/?l=bugtraq&m=111686576416450&w=2
* Platforms Affected:
Products running Vet engine versions prior to 11.9.1
Computer Associates, Inc., eTrust Antivirus for Gateway 7.0
Computer Associates, Inc., eTrust Antivirus for Gateway 7.1
Computer Associates, Inc., eTrust Antivirus with Notes/Exchange 6.0
Computer Associates, Inc., eTrust Antivirus with Notes/Exchange 7.0
Computer Associates, Inc., eTrust Antivirus with Notes/Exchange 7.1
Computer Associates, Inc., eTrust Intrusion Detection System Any version
Computer Associates, Inc., eTrust Secure Content Manager Any Version
Computer Associates, Inc., InoculateIT with Notes/Exchange 6.0
Computer Associates, Inc., Vet Antivirus Any version
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Vet engine (11.9.1 or later), as listed in the Computer Associates Security Advisory at http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896 |
| Related URL |
CVE-2005-1693 (CVE) |
| Related URL |
13710 (SecurityFocus) |
| Related URL |
20686 (ISS) |
|
