CA eTrust Antivirus WebScan Malicious Update Code Execution Vulnerability

CA eTrust Antivirus WebScan Malicious Update Code Execution Vulnerability

CA eTrust Antivirus WebScan is prone to a remote code-execution vulnerability because it fails to properly validate parameters supplied to the WebScan ActiveX control.

An attacker could exploit this vulnerability to cause WebScan to install malicious application files from an attacker-specified source. This could result in the execution of arbitrary code.

This issue affects version 1.1.0.1047 and earlier; other versions may also be affected.