CA anti-virus engine arclib component stack corruption vulne

All things related to Firewalls and Anti Virus.

Moderators: Admin Team, Moderators

User avatar
Spudz
Posts: 1856
Joined: Mon Jul 20, 2009 4:35 am
Area Of Expertise: General guidance and advice
experience: Not only can I turn PC on, I know most of its functions too
PC time: Alot more than I should
Location: Kent, UK
Contact:

CA anti-virus engine arclib component stack corruption vulne

Postby Spudz » Fri Oct 09, 2009 12:48 pm

Vulnerability Detail
CA anti-virus engine arclib component stack corruption vulnerability

Date Discovered:
8 Oct 2009

Date Published:
9 Oct 2009

Last Updated:
9 Oct 2009

Vulnerability ID: 37818
Discovered By: Thierry Zoller

Exploitable Locally: Yes
Exploitable Remotely: Yes

Impact: An attacker can cause a denial of service condition.

Root Cause: Software Vulnerability

Description

CA anti-virus engine contains a vulnerability that can allow an attacker to cause a denial of service condition. The vulnerability is due to improper handling of a specially crafted RAR archive file by the CA anti-virus engine arclib component. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service condition.


http://www.ca.com/us/securityadvisor/vu ... x?id=37818
Spam - Uninteresting garbage quickly deleted.
Spammer - A parasitic worm intent on creating internet misery.

Image

User avatar
Spudz
Posts: 1856
Joined: Mon Jul 20, 2009 4:35 am
Area Of Expertise: General guidance and advice
experience: Not only can I turn PC on, I know most of its functions too
PC time: Alot more than I should
Location: Kent, UK
Contact:

Re: CA anti-virus engine arclib component stack corruption vulne

Postby Spudz » Fri Oct 09, 2009 12:51 pm

and:

Vulnerability Detail
CA anti-virus engine arclib component heap corruption vulnerability

Date Discovered:
8 Oct 2009

Date Published:
9 Oct 2009

Last Updated:
9 Oct 2009

Vulnerability ID: 37817
Discovered By: Thierry Zoller

Exploitable Locally: Yes
Exploitable Remotely: Yes

Impact: An attacker can cause a denial of service condition.

Root Cause: Software Vulnerability

CA anti-virus engine contains a vulnerability that can allow an attacker to cause a denial of service condition. The vulnerability is due to improper handling of a specially crafted RAR archive file by the CA anti-virus engine arclib component. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service condition.


http://www.ca.com/us/securityadvisor/vu ... x?id=37817
Spam - Uninteresting garbage quickly deleted.
Spammer - A parasitic worm intent on creating internet misery.

Image


Return to “Firewalls and Anti-Virus\Trojans\Worms Related”

Who is online

Users browsing this forum: No registered users and 1 guest