3 matches found
CVE-2006-3977
CVE-2006-3977 concerns CA eTrust Antivirus WebScan prior to 1.1.0.1048. The vulnerability arises in the WebScan update mechanism: it downloads a manifest and update files without verifying authenticity or timestamps, enabling an attacker to push an extremely outdated but legitimate file version, ...
CVE-2006-3975
CVE-2006-3975 affects Computer Associates’ eTrust Antivirus WebScan ActiveX component. The root cause is missing bounds checking during processing of update manifests (filelist.txt) delivered by the WebScan update mechanism, which could enable remote code execution when a user visits a malicious ...
CVE-2006-3976
CVE-2006-3976 affects Computer Associates eTrust Antivirus WebScan ActiveX in WebScan before 1.1.0.1048. The flaw occurs during the automatic update process: WebScan downloads a filelist.txt from a supplied update path (SigUpdatePathFTP/HTTP) and decompresses listed files without verifying authen...