CA eTrust PestPatrol Anti-Spyware Corporate Edition 8.x
CA Integrated Threat Management (ITM) 8.x
eTrust Antivirus 8.x
A vulnerability has been reported in some CA products, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused by a format string error in the handling of the description field of a scan job. This can be exploited to crash the affected products and may allow arbitrary code execution via a specially crafted scan job description that contains format string specifiers.
Successful exploitation requires that the user is able to create a scan job.
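The bug class described above, as an added example that is not code from the advisory or from the CA products: a hypothetical scan-job logger shown in its vulnerable form (excluded from the default build), its hardened form, and a check that flags conversion specifiers in a description. All function names and sample descriptions are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical scan-job logger illustrating the bug class; not CA's code. */

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern (excluded from the default build): the description
   is handed to the formatter as the format string, so any conversion
   specifier in it is interpreted instead of being printed. */
int log_description_unsafe(char *out, size_t n, const char *description) {
    return snprintf(out, n, description);
}
#endif

/* Hardened form: constant format string, description passed as data. */
int log_description_safe(char *out, size_t n, const char *description) {
    return snprintf(out, n, "%s", description);
}

/* Defensive check for input validation or log review: counts '%'
   conversions in untrusted text. "%%" is a literal percent sign and is
   not counted; a trailing lone '%' is counted as malformed. */
int count_format_specifiers(const char *s) {
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;            /* skip the escaped percent sign */
            continue;
        }
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample descriptions, not taken from any real product. */
    const char *samples[] = { "Nightly scan of file servers",
                              "100%% clean target", "weekly %x%x%n scan" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_description_safe(line, sizeof line, samples[i]);
        printf("%-32s specifiers=%d\n", line,
               count_format_specifiers(samples[i]));
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the non-literal format argument in the excluded function, which is a practical way to find this pattern in a code base.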
The vulnerability has been reported in the following products:
* CA Integrated Threat Management r8
* eTrust Antivirus r8
* eTrust PestPatrol Anti-Spyware Corporate Edition r8
Solution: The vulnerability has been fixed in Content Update build 432 via the content update mechanism.