Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   eTrust Antivirus Vendors:   CA
CA eTrust Antivirus Format String Bug in Scan Job Description Field Lets Local Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016391
SecurityTracker URL:
CVE Reference:   CVE-2006-3223   (Links to External Site)
Updated:  Jun 29 2006
Original Entry Date:  Jun 27 2006
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): r8
Description:   A vulnerability was reported in Computer Associates eTrust Antivirus. A local user may be able to execute arbitrary code on the target system.

The description field of a scan job is not properly validated. A user that can create a scan job can create a specially crafted scan job description that contains format string specifiers. Then, when the job is processed, the process may crash or execute arbitrary code.

CA Integrated Threat Management and eTrust PestPatrol are also affected.

The vendor was notified on May 4, 2006.

Deral Heiland of discovered this vulnerability.

Impact:   A local user may be able to execute arbitrary code on the target system.
Solution:   The vendor has issued a fix as part of Content Update build 432.
Vendor URL: (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-disclosure] CAID 34325 - CA ITM, eAV,

Title: CAID 34325 - CA ITM, eAV, ePP scan job description field format 
string vulnerability

CA Vulnerability ID: 34325

CA Advisory Date: 2006-06-26

Discovered By: Deral Heiland (

Impact: Attackers can cause a denial of service condition or possibly 
execute arbitrary code.

Summary: CA Integrated Threat Management, eTrust Antivirus, and eTrust 
PestPatrol contain a vulnerability that can allow attackers to cause a 
denial of service condition or possibly execute arbitrary code. The 
vulnerability is due to improper processing of format strings in the 
description field of a scan job. An attacker, who can create a scan job 
containing format string directives, can potentially overwrite memory 
to cause a crash or execute arbitrary code.

Mitigating Factors: None

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products: 
CA Integrated Threat Management r8
eTrust Antivirus r8
eTrust PestPatrol Anti-spyware Corporate Edition r8

Status and Recommendation: This vulnerability is addressed in Content 
Update build 432. Use the content update mechanism to install this 

References: (URLs may wrap)

CA SupportConnect:

Client GUI Vulnerability Content Update - build 432

CAID: 34325
CAID Advisory link:

CVE Reference: 

OSVDB Reference: 

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA 
Technical Support at

For technical questions or comments related to this advisory,
please send email to, or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to, or utilize our "Submit a 
Vulnerability" form.

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One Computer Associates Plaza. Islandia, NY 11749
Legal Notice
Privacy Policy
Copyright (c) 2006 CA. All rights reserved.

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC