Computer Associates eTrust Antivirus Malicious Code Detection Bypass Vulnerability
BID:9665
Info
| Bugtraq ID: | 9665 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 16 2004 12:00AM |
| Updated: | Feb 16 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to the vendor. |
| Vulnerable: | Computer Associates eTrust Antivirus EE 7.0; Computer Associates eTrust Antivirus EE 6.0 |
| Not Vulnerable: | |
Discussion
It has been reported that eTrust Antivirus is prone to a vulnerability that may allow malicious code to bypass detection. The issue occurs when a ZIP archive containing a password-protected file is scanned. It has been reported that the software fails to scan any files in the archive once the password-protected file has been scanned.
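The archive layout described above can be recognised before a file reaches the scanner. The following is an added example, not code from the advisory or the vendor: it walks every member in the ZIP central directory, continues past encrypted members, and labels archives that mix encrypted and unencrypted members. The names `triage_zip` and `build_sample` and the sample file names are hypothetical, and the sample archive is constructed.

```python
import io
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: this member is encrypted


def triage_zip(fileobj):
    """Return (verdict, scannable, encrypted) for a ZIP, visiting every member.

    Hypothetical helper: an encrypted member is recorded and the walk goes on,
    so the members listed after it are still handed to the scanner.
    """
    scannable, encrypted = [], []
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():  # central directory lists all members
            if info.is_dir():
                continue
            if info.flag_bits & ENCRYPTED:
                encrypted.append(info.filename)
            else:
                scannable.append(info.filename)
    if encrypted and scannable:
        verdict = "mixed"  # the archive layout this advisory describes
    elif encrypted:
        verdict = "encrypted"
    else:
        verdict = "clear"
    return verdict, scannable, encrypted


def build_sample(names, encrypted_names=()):
    """Constructed sample ZIP whose chosen members are only *marked* encrypted.

    The flag is set in each central directory header (signature PK\\x01\\x02,
    flags at offset 8, name length at 28, name at 46); the data stays plain.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(zipfile.ZipInfo(name), b"constructed placeholder")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")
    while pos != -1:
        name_len = int.from_bytes(raw[pos + 28:pos + 30], "little")
        if raw[pos + 46:pos + 46 + name_len].decode() in encrypted_names:
            raw[pos + 8] |= ENCRYPTED
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return io.BytesIO(bytes(raw))
```

A mail or web gateway can route archives with a `mixed` verdict to quarantine, or pass each name in `scannable` to the scanner individually, on hosts where the vendor fix has not yet been applied.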
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released a fix (QO50563.CAZ) to address this issue in eTrust Antivirus 7.0 0302 level (Build 139) or higher. An additional fix (QO51215.CAZ) has been released to address this issue in eTrust Antivirus 6.0 0108 level (Build 96) or higher. A fix (QO52087.CAZ) has also been released to address this issue in 0108 level (Build 96) or higher of eTrust Antivirus Enterprise Edition on Windows 95/98/Me systems.
Computer Associates eTrust Antivirus EE 6.0
- Computer Associates QO51215.CAZ
  ftp://ftp.ca.com/CAproducts/unicenter/eTrust/AntiVirus/6.0/nt/qo51215/QO51215.CAZ
- Computer Associates QO52087.CAZ
  ftp://ftp.ca.com/CAproducts/unicenter/eTrust/AntiVirus/6.0/win95/qo52087/QO52087.CAZ
Computer Associates eTrust Antivirus EE 7.0
- Computer Associates QO50563.CAZ
  This fix requires the 0302 level (Build 139) or higher of eTrust Antivirus to be installed.
  ftp://ftp.ca.com/pub/unicenter/eTrust/AntiVirus/7.0/nt/qo50563/QO50563.CAZ
References
References:
- APAR #: QO51215 DATE: 1 MAR 2004 (Computer Associates)
- APAR #: QO52087 DATE: 15 MAR 2004 (Computer Associates)
- NT-CANNOT CONTINUE SCAN ZIP FILE WITH PASSWORD (Computer Associates)