Name of the Vulnerable Software and Affected Versions:
CA Anti-Virus for the Enterprise versions 7.1 through r8.1
CA Anti-Virus 2007 through 2009
CA eTrust EZ Antivirus version r7.1
CA Internet Security Suite 2007 through Plus 2009
Description:
A crafted RAR archive file triggers heap corruption, potentially allowing remote attackers to cause a denial of service and possibly execute arbitrary code.
Recommendations:
For CA Anti-Virus for the Enterprise versions 7.1 through r8.1, update to a version that is not affected by this issue.
For CA Anti-Virus 2007 through 2009, update to a version that is not affected by this issue.
For CA eTrust EZ Antivirus version r7.1, update to a version that is not affected by this issue.
For CA Internet Security Suite 2007 through Plus 2009, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting the handling of RAR archive files to minimize the risk of exploitation.