CA fixes bug in antivirus products

A serious flaw in Computer Associates' antivirus products could expose users to hacker attacks.

Joris Evers
Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
2 min read
A high-risk security flaw in several of Computer Associates International's antivirus products could put users at risk of cyberattack, the software vendor warned on Monday.

The flaw lies in the scanning engine used in CA's enterprise and consumer antivirus products, the company said. An attacker could gain full control over a victim's PC by sending a specially crafted Microsoft Office document, according to a security advisory published on the CA Web site.

CA rates the issue "high risk" because an attacker can gain full access to a computer without any user interaction, according to the advisory.

The flaw in CA's antivirus engine is the latest in a series of security bugs in antivirus software. During the past few months, problems have been found in products from Symantec, McAfee, F-Secure and Trend Micro.

Consumer products that contain the flawed engine include CA's eTrust EZ Antivirus and EZ Armor, a bundle that offers the antivirus product. Affected business products include eTrust Antivirus, Intrusion Detection and Secure Content Manager, according to the advisory.

CA publicly disclosed the security issue Monday, but had a patch available on May 3, said Sam Curry, a vice president at CA in Islandia, N.Y.

The patch was made available to corporate customers, Curry said. "The consumer products are automatically being updated today," he said. CA counts between 3 million and 4 million consumers and about 1 million organizations as its antivirus customers, he said.

Consumers who are on more recent versions of EZ Antivirus and EZ Armor may find that their products have already been automatically updated, CA said. Users should check if the antivirus engine in their product is version 11.9.1. If it is a lower number, a virus signature update should be done to get the patch, according to CA.

Users of older versions are advised to upgrade or follow the guidelines in CA's advisory.

CA is not aware of anyone actually using the latest vulnerability in its products to attack users, Curry said. "This vulnerability is still only a potential vulnerability. There are no known exploits in the wild yet," he said. "However, I would say it is only a matter of time."