Credit:
The information has been provided by Deral Heiland.
The original article can be found at: http://www.layereddefense.com/ADVISORIES.html
The vendor advisory can be found at: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325
Vulnerable Systems:
* eTrust Antivirus version 8.0
* eTrust PestPatrol version 8.0
* Integrated Threat Management version 8.0
A format string vulnerability was discovered in eTrust Antivirus, eTrust PestPatrol and Integrated Threat Management. The vulnerability is due to improper processing of format strings within the scan job description field. An attacker could create a scan job containing specially crafted format strings that could potentially lead to execution of arbitrary code, rights escalation and, at a minimum, denial of service.
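The defect class described above, shown as an added example that is not taken from the advisory or from the vendor's code: a description field rendered as data through a constant format string, plus a check that counts printf-style directives in the field so suspicious scan jobs can be flagged. The function names, the "Scan job:" prefix and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers; the product's real code is not shown on this page.
 *
 * Unsafe pattern (comment only): the description is used AS the format
 * string, so any directives it contains are interpreted by printf:
 *     snprintf(out, n, desc);
 */

/* Safe pattern: constant format string, description passed as an argument. */
int render_job_description(char *out, size_t n, const char *desc)
{
    return snprintf(out, n, "Scan job: %s", desc);
}

/* Count printf-style conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. */
size_t count_format_directives(const char *s)
{
    size_t count = 0;
    while (*s) {
        if (*s != '%') { s++; continue; }
        s++;                                  /* step past '%' */
        if (*s == '%') { s++; continue; }     /* escaped percent */
        /* skip flags, width, precision, positional and length modifiers */
        s += strspn(s, "-+ #0123456789.*$hlLqjzt");
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) { count++; s++; }
    }
    return count;
}

int main(void)
{
    /* Constructed sample descriptions, not real scan jobs. */
    const char *samples[] = { "weekly full scan", "100%% done", "%x%x%n" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        render_job_description(buf, sizeof buf, samples[i]);
        printf("%-28s directives=%zu\n", buf,
               count_format_directives(samples[i]));
    }
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang warn on the unsafe pattern shown in the comment.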
Vendor Status:
This vulnerability is addressed by the vendor in Content Update build 432.
Client GUI Vulnerability Content Update - build 432 http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-contentupdate.asp
CVE Information:
CVE-2006-3223
Disclosure Timeline:
05/04/2006 Reported Vulnerability to Vendor.
06/27/2006 Vulnerability fixed & public disclosure.