Title: Computer Associates InoculateIT MS Exchange Agent Vulnerability
Severity: MODERATE
Description:
InoculateIT 4.52 is a popular antivirus agent for Microsoft Exchange Servers.
A vulnerability exists in the InoculateIT Agent for MS Exchange that can allow a local attacker to pass a virus through both the agent and MS Exchange Server. There are reportedly numerous methods by which this can be accomplished, one of which is to remove the "From:" field in an infected message (MIME attachment included) and submit the message to the Exchange server. The InoculateIT Agent will not detect the infected file when it is submitted in this manner.
If different organizations are using MS Exchange Server and InoculateIT Agents (with MS IMC being used to send the messages) the following vulnerabilities can exist:
- If a message is sent with only an infected file in the body of the message and no text, the InoculateIT Agents will not detect the virus.
- If a message contains embedded characters and an infected attachment, InoculateIT will not open the attachment for scanning.
- InoculateIT only scans messages destined for an Inbox folder. If a ruleset exists on the server whereby messages are directed to another mailbox, an infected file can bypass virus scanning.
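
A pre-scan check that a mail gateway in front of the server could run to hold messages showing two of the structural traits described above (a removed "From:" field, or an attachment with no text) for separate scanning. This is an added example, not code from the advisory or the vendor; the function names, trait labels, addresses and file name are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage


def bypass_traits(raw):
    """List the advisory's bypass traits present in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    if not any(p.get_filename() for p in leaves):
        return []  # no attachment, so nothing for the agent to miss
    traits = []
    # Trait 1: the "From:" field was removed before submission.
    if not (msg.get("From") or "").strip():
        traits.append("missing-from")
    # Trait 2: the attachment is the whole body, with no non-empty text part.
    texts = [p for p in leaves
             if p.get_content_maintype() == "text" and not p.get_filename()]
    if not any((p.get_payload(decode=True) or b"").strip() for p in texts):
        traits.append("attachment-only")
    return traits


def sample(sender, body):
    """Build a constructed test message; addresses and file name are made up."""
    m = EmailMessage()
    if sender:
        m["From"] = sender
    m["To"] = "user@example.test"
    m["Subject"] = "constructed sample"
    if body is not None:
        m.set_content(body)
    m.add_attachment(b"constructed attachment bytes", maintype="application",
                     subtype="octet-stream", filename="report.bin")
    return m.as_string()


if __name__ == "__main__":
    for sender, body in [("a@example.test", "see attached"), (None, "see attached"),
                         ("a@example.test", None), (None, None)]:
        print(sender, repr(body), bypass_traits(sample(sender, body)))
```

The Inbox-only scanning issue depends on server-side rules and cannot be seen from the message itself, so it is not covered by this check.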
Affected Products:
- Computer Associates InoculateIT 4.53.0
- Microsoft Exchange Server 5.5.0