
Vulnerability Detail

CA eTrust Antivirus WebScan multiple vulnerabilities

Date Discovered:
3 Aug 2006

Date Published:
3 Aug 2006

Last Updated:
25 Sep 2006

Threat Assessment

Overall Risk:  Medium
Popularity:  Medium
Impact:  High
Simplicity:  Low

Characteristics

Vulnerability ID:  34509
Discovered By:  Matt Murphy

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  Remote attackers can gain privileged access or execute arbitrary code.

Root Cause:  Software Vulnerability

 

Description

CA eTrust Antivirus WebScan contains multiple vulnerabilities that can allow remote attackers to gain privileged access or execute arbitrary code. The first vulnerability is due to improper parameter validation. The second vulnerability is due to improper bounds checking in WebScan when processing certain user input. Remote attackers can exploit these vulnerabilities to gain escalated privileges or execute arbitrary code.


Recommendations



-------------------------------------------------------------------------------
For: CA eTrust Antivirus WebScan 1.1.0.1045, CA eTrust Antivirus WebScan 1.1.0.1047

Determining if you are affected:



Browse to the C:\WINDOWS\Downloaded Program Files or C:\WINNT\Downloaded Program Files folder and check the version number of the "WScanCtl Class" object. If the version number is less than 1,1,0,1048, you need to update the ActiveX control.



Another way to determine if you are affected is to start Internet Explorer, and then select "Tools" > "Internet Options" > "General" tab. On the "General" tab, click on the "Settings" button in the "Temporary Internet Files" section. On the "Settings" dialog window, click on the button labeled "View Objects" and then check the version of the "WScanCtl Class" object. If the version number is less than 1,1,0,1048, you need to update the ActiveX control.
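
The same version check can be scripted for hosts where clicking through the dialogs is impractical. This is an added example, not CA-supplied code; the file name pattern 'webscan*' is an assumption taken from the webscan.cab package name, since the advisory does not name the control's binary.

```powershell
# Added example: flag WebScan control binaries older than the fixed build 1,1,0,1048.
# Assumption: the control's binary matches $NamePattern (the advisory does not name it).
param(
    [string]$NamePattern   = 'webscan*',
    [version]$FixedVersion = '1.1.0.1048'
)

function ConvertTo-FileVersion {
    param([System.Diagnostics.FileVersionInfo]$Info)
    # Build the version from the numeric fields: the FileVersion string may be
    # written with commas ("1,1,0,1047") and would not compare correctly as text.
    [version]::new($Info.FileMajorPart, $Info.FileMinorPart,
                   $Info.FileBuildPart, $Info.FilePrivatePart)
}

# Both folder locations named in the advisory; keep only those that exist.
$folders = @('C:\WINDOWS\Downloaded Program Files',
             'C:\WINNT\Downloaded Program Files') |
    Where-Object { Test-Path -LiteralPath $_ }

$results = foreach ($folder in $folders) {
    # -Force: Explorer shows this folder as an object list, but the files are on disk.
    Get-ChildItem -LiteralPath $folder -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like $NamePattern -and $_.Extension -in '.dll', '.ocx' } |
        ForEach-Object {
            $v = ConvertTo-FileVersion $_.VersionInfo
            [pscustomobject]@{
                Path       = $_.FullName
                Version    = $v
                Vulnerable = ($v -lt $FixedVersion)   # numeric, field-by-field compare
            }
        }
}

if (-not $results) {
    Write-Output "No file matching '$NamePattern' found in the Downloaded Program Files folders."
} else {
    $results | Format-Table -AutoSize
}
```

A row with Vulnerable = True corresponds to a version number less than 1,1,0,1048 in the manual check.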



Update to CA eTrust Antivirus WebScan 1.1.0.1048:



Visit http://www3.ca.com/securityadvisor/virusinfo/scan.aspx and allow Internet Explorer to install the new webscan.cab software. Note that the software is digitally signed by CA.



Workarounds:



Alternatively, you can simply remove an older, vulnerable object by using one of the following methods:



a) Start Internet Explorer, and then select "Tools" > "Internet Options" > "General" tab. On the "General" tab, click on the "Settings" button in the "Temporary Internet Files" section. On the "Settings" dialog window, click on the button labeled "View Objects" and then right-click on the "WScanCtl Class" object and select the "Remove" option.



b) Open an Explorer window and browse to "\downloaded program files". Then right-click on the "WScanCtl Class" object and select the "Remove" option.


Affected Technologies

Computer Associates: CA eTrust Antivirus WebScan 1.1.0.1045
Computer Associates: CA eTrust Antivirus WebScan 1.1.0.1047


References

Mitre CVE: CVE-2006-3975
Mitre CVE: CVE-2006-3976
Mitre CVE: CVE-2006-3977
