CA has said that products relying on its anti-virus engine contain two vulnerabilities that could be exploited to cause a crash or execute arbitrary code. The company has issued updates to address the vulnerabilities, which are rated "high."
CA enterprise customers should deploy the "patch sooner than later," said Adam O'Donnell, director of emerging technologies for Cloudmark, a messaging security company. The flaws were reported by an anonymous researcher working with TippingPoint and the Zero Day Initiative.
One of the flaws, a boundary error in vete.dll when processing CAB archives, can be exploited to cause a stack-based buffer overflow via a specially crafted CAB archive containing excessively long filenames in the CAB file.
The second vulnerability, an input-validation error, is due to a stack-based buffer overflow occurring when the "coffFiles" field is processed in a CAB file.
O'Donnell said the vulnerabilities "are the kind of thing that can happen to any vendor — file parses and file system parses are notoriously difficult to write." He suspected that "something was overlooked" during development of the CA AV engine, and "those overlooked issues could manifest as an exploitable hole in the software.
"Software developers make assumptions regarding how data will come into the system," he added. "Sometimes, these assumptions do not hold up to all real-world situations. Data could enter the system in different size or from a different source [than expected]. When that happens, a clever individual can take advantage of the programming mistakes to gain control of the software.
"Safe programming techniques would prevent these kinds of issues," O'Donnell said. "But as we all know, it's sometimes difficult to get things right the first time around."
As a result, he urged enterprise IT professionals to "keep an eye on manufacturers' websites for any security patches and apply patches as soon as feasible."
CA said customers can determine if their installation is affected by finding the signature version from the affected product's GUI; products with versions less than 30.6 are affected. The flaws impact the following CA products:
Get more IT security news. Click here for SC Magazine Blogs.