Title: [CAID 35524]: eTrust Intrusion Detection caller.dll Vulnerability
CA Vuln ID (CAID): 35524
CA Advisory Date: 2007-07-24
Reported By: Sebastian Apelt working with the iDefense VCP
Impact: A remote attacker can execute arbitrary code.
Summary: CA eTrust Intrusion Detection contains a vulnerability
associated with the caller.dll ActiveX control. The vulnerability,
CVE-2007-3302, is due to the caller.dll ActiveX control being
marked safe for scripting. An attacker, who can lure a user into
visiting a malicious website, can potentially gain complete
control of an affected installation.
Mitigating Factors:
1) The attack can only be carried out if the victim is using a web browser.
2) The attacker must trick the victim into visiting a malicious web page.
3) Malicious code will be executed with the privileges of the currently
logged-in user.
Severity: CA has given this vulnerability a High risk rating.
Affected Products:
eTrust Intrusion Detection 3.0
eTrust Intrusion Detection 3.0 SP1
Affected Platforms:
Windows
Status and Recommendation:
CA has provided updates to address the vulnerability.
eTrust Intrusion Detection 3.0 - apply QO89893
eTrust Intrusion Detection 3.0 SP1 - apply QO89881
How to determine if you are affected:
For Windows:
File         Release   File Version   File Date, Size
caller.dll   3.0       NA             7/13/2007, 32768 bytes
caller.dll   3.0 SP1   3.0.5.81       NA
Workaround:
As a workaround solution, set the kill bit on the caller.dll
ActiveX control.
Note: Before proceeding, review the following Microsoft knowledge
base article on disabling ActiveX controls:
http://support.microsoft.com/kb/240797
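The following PowerShell script is an added example and is not part of CA's advisory. It checks whether caller.dll is present and reports its version, size and date for comparison with the table above, tests whether the control's kill bit (Compatibility Flags 0x400, per KB 240797) is already set, and sets it only when -SetKillBit is given. The CLSID is a placeholder because the advisory does not list it, and the install path is assumed; take both from the control's registration and the vendor security notice before use.

```powershell
# Added example, not CA's code. Run from an elevated PowerShell prompt.
# $Clsid is a PLACEHOLDER: the advisory does not give the control's CLSID;
# read it from HKCR\CLSID or the CA security notice. $DllPath is assumed.
param(
    [string]$Clsid   = '{00000000-0000-0000-0000-000000000000}',
    [string]$DllPath = "$env:ProgramFiles\CA\eTrust Intrusion Detection\caller.dll",
    [switch]$SetKillBit
)

$KillBit   = 0x400   # Compatibility Flags bit that stops IE loading the control (KB 240797)
$CompatKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

# Report the on-disk file so it can be matched against the advisory's version table.
function Get-CallerDllInfo {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-Item $Path
    [pscustomobject]@{
        Path    = $item.FullName
        Version = $item.VersionInfo.FileVersion
        Size    = $item.Length
        Date    = $item.LastWriteTime
    }
}

# True when the kill bit is already present in Compatibility Flags.
function Test-KillBit {
    param([string]$Key)
    if (-not (Test-Path $Key)) { return $false }
    $flags = (Get-ItemProperty -Path $Key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    return [bool]([int]$flags -band $KillBit)
}

# OR the kill bit into any flags already set, creating the key if needed.
function Set-KillBit {
    param([string]$Key)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $Key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = [int]$existing -bor $KillBit
    Set-ItemProperty -Path $Key -Name 'Compatibility Flags' -Value $new -Type DWord
}

$info = Get-CallerDllInfo $DllPath
if ($info) { $info | Format-List } else { "caller.dll not found at $DllPath" }
"Kill bit set for $Clsid : $(Test-KillBit $CompatKey)"
if ($SetKillBit) { Set-KillBit $CompatKey; "Kill bit now set: $(Test-KillBit $CompatKey)" }
```

Setting the kill bit blocks the control in Internet Explorer only; apply the QO89893 / QO89881 updates for the actual fix.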
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
Security Notice for eTrust Intrusion Detection caller.dll Vulnerability
http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp
Solution Document Reference APARs:
QO89893, QO89881
CA Security Advisor posting:
CA eTrust Intrusion Detection caller.dll vulnerability
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811
CA Vuln ID (CAID): 35524
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35524
Reported By: Sebastian Apelt working with the iDefense VCP
iDefense advisory:
Computer Associates eTrust Intrusion Detection CallCode ActiveX Control Code Execution Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568
CVE References:
CVE-2007-3302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3302
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a
Vulnerability" form.
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2007 CA. All rights reserved.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/