Computer Associates (CA) has warned of yet another “high risk” vulnerability affecting an antivirus scanning engine used in many of its products.
The flaw lies in the company's Vet antivirus scanning engine that is used in a vast range of its enterprise and consumer products as well as other vendors that used the scanning engine in their products.
CA said the problem was a high risk as an attacker could gain control over a user's PC just by sending them a specially crafted Microsoft Office document. The user would not have to do anything for the attack to be effective.
The company was informed of the flaw by Alex Wheeler of rem0te.com. In his advisory he said that "successful exploitation of protected systems allows attackers unauthorized control of data andprivileges. It also provides leverage for further network compromise."
He added that the vulnerability "could be triggered without authentication or user interaction and allows multiple exploitation attempts. Vet implementations are likely vulnerable in their default configuration."
As reported by SC Magazine in March, vulnerabilities in CA Licensing software opened up vast swathes of the CA product catalog to potential attack.
A patch is available on the company's website.