VID |
28163 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The CA eTrust Antivirus WebScan ActiveX control contains multiple vulnerabilities in versions prior to 1.1.0.1048. CA eTrust Antivirus WebScan provides protection against viruses, worms and Trojan horse programs. The first issue is due to improper parameter validation. The second issue is due to improper bounds checking when processing arbitrary user input. A remote attacker can exploit these vulnerabilities to gain privileged access or execute arbitrary code.
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References:
  http://secunia.com/advisories/21320
  http://www.securityfocus.com/archive/1/archive/1/442244/100/0/threaded
  http://www.frsirt.com/english/advisories/2006/3166
  http://securitytracker.com/id?1016637
  http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509
* Platforms Affected: Computer Associates, Inc.: eTrust Antivirus WebScan versions prior to 1.1.0.1048; any operating system, any version |
Recommendation |
Upgrade to the latest version of eTrust Antivirus WebScan (1.1.0.1048 or later) by visiting the eTrust Antivirus WebScan Web site at http://www3.ca.com/securityadvisor/virusinfo/scan.aspx and allowing Internet Explorer to update to a new version of webscan.cab. |
Related URL |
CVE-2006-3976,CVE-2006-3977 (CVE) |
Related URL |
19399,19403 (SecurityFocus) |
Related URL |
28226 (ISS) |
|