PT-2006-4118 · Ca · Etrust Antivirus+2

Published 2006-06-27 · Updated 2021-04-09 · CVE-2006-3223

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CA Integrated Threat Management (ITM) version r8
eTrust Antivirus (eAV) version r8
eTrust PestPatrol (ePP) version r8

Description

The issue allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.

Recommendations

For CA Integrated Threat Management (ITM) version r8, consider restricting the use of format strings in the description field of scan jobs until a fix is available.
For eTrust Antivirus (eAV) version r8, avoid using format strings in the description field of scan jobs to minimize the risk of exploitation.
For eTrust PestPatrol (ePP) version r8, temporarily disable the ability to include format strings in scan job descriptions as a mitigation measure.

Fix


Related Identifiers

CVE-2006-3223

Affected Products

Ca Integrated Threat Management
Etrust Antivirus
Etrust Pestpatrol