受影响系统:
Computer Associates BrightStor ARCserve Backup R11.5
Computer Associates BrightStor ARCserve Backup R11.1
Computer Associates BrightStor ARCserve Backup r11.0 for Windows
Computer Associates BrightStor ARCserve Backup r10.5
Computer Associates BrightStor ARCserve Backup 9.01
Computer Associates Anti-Virus SDK
Computer Associates Anti-Virus Gateway 7.1
Computer Associates Anti-Virus for the Enterprise r8.1
Computer Associates Anti-Virus for the Enterprise r8
Computer Associates Anti-Virus 2007 (v8)
Computer Associates Internet Security Suite 2007 v3.0
Computer Associates Protection Suites r3
Computer Associates Protection Suites r2
Computer Associates eTrust EZ Antivirus r7
Computer Associates eTrust EZ Antivirus r6.1
Computer Associates eTrust Internet Security Suite r2
Computer Associates eTrust Internet Security Suite r1
Computer Associates eTrust EZ Armor r3.x
Computer Associates eTrust EZ Armor r2
Computer Associates eTrust EZ Armor r1
Computer Associates Threat Manager for the Enterprise r8
Computer Associates Secure Content Manager 8.0
Computer Associates Unicenter NSM r3.1
Computer Associates Unicenter NSM r3.0
Computer Associates Unicenter NSM r11.1
Computer Associates Unicenter NSM r11
描述:
Computer Associates安全厂商产品包括多种杀毒软件及备份恢复系统。
多个CA产品的杀毒引擎在解析包含畸形字段的.CAB文档时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制系统。
假如.CAB文档中包含有超长coffFiles字段的话,就可能在解析此文档时触发这个溢出,导致执行任意指令。
厂商补丁:
Computer Associates
现在厂商已发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.cai.com/
