This week four CA products (eTrust IDS, Unicenter, CleverPath, andThe vulnerabilities detected are listed here:
BrightStor) were found to all use a common service that has a critical
buffer overflow error.
Widely Deployed Software
(1) CRITICAL: Yahoo! Widgets ActiveX Control Buffer Overflow
(2) CRITICAL: Computer Associates Multiple Products Multiple Vulnerabilities
(3) CRITICAL: BakBone NetVault Reporter Scheduler Buffer Overflow
(4) HIGH: Panda Antivirus Products Multiple Vulnerabilities
(5) HIGH: Borland InterBase Create Request Buffer Overflow
(6) HIGH: ESET NOD32 Multiple Vulnerabilities
(7) HIGH: Norman Antivirus Multiple Vulnerabilities
Quite a lot of sensitive programs, especially those of NOD32 and Norman, two mostly respected and widely used antivirus products. I hope they'll get the patches out soon enough to calm down the public and their customers.