CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls

-----BEGIN PGP SIGNED MESSAGE-----

CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX
Controls

Issued: June 8, 2010

CA Technologies support is alerting users to multiple security risks
with the PSFormX and WebScan ActiveX controls previously available
from the CA Global Security Advisor site. Multiple vulnerabilities
exist that can potentially allow a remote attacker to execute
arbitrary code. The vulnerabilities, CVE-2010-2193, are due to
insufficient verification of input parameters. CA has issued a
single replacement ActiveX control for both affected controls in
May of 2009. These controls are not included in any CA product.

Risk Rating

High

Platform

Windows

Affected Products

PSFormX ActiveX control with CLSID
{56393399-041A-4650-94C7-13DFCB1F4665}

WebScan ActiveX control with CLSID
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}

How to determine if the installation is affected

1. Using a registry editor, check for either of the following keys:

PSFormX ActiveX control
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665}]

WebScan ActiveX control
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}]

2. For each key present, determine if the kill bit is set as
   described in the solution section. If the kill bit is not set, the
   installation may be vulnerable.

Solution

The PSFormX and WebScan ActiveX controls were retired from the CA
Global Security Advisor site in May of 2009.

To disable the PSFormX and WebScan controls from running, set the
kill bit for the controls in the registry. Note: review Microsoft
KB article 240797 prior updating the registry.

PSFormX ActiveX control

Create a DWORD with the name of "Compatibility Flags" containing the
value 0x00000400 in the following registry key. If the key does not
exist, create it under the following location:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665}]

WebScan ActiveX control

Create a DWORD with the name of "Compatibility Flags" containing the
value 0x00000400 in the following registry key. If the key does not
exist, create it under the following location:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}]

References

CVE-2010-2193 - PSFormX ActiveX and WebScan ActiveX controls input
verification

CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX
Controls
(line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=23
8635

Acknowledgement

CVE-2010-2193 - Elazar Broad, Trancek

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at http://support.ca.com/

If you discover a vulnerability in a CA Technologies product, please
report your findings to the CA Technologies Product Vulnerability
Response Team.
(line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17
7782

Kevin Kotas
CA Technologies Product Vulnerability Response Team

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBTA++gJI1FvIeMomJAQGYBwf/WMP4jOWP9/9FmimtOFQso8zUTSCPLMcN
Qh5No2bw3T3VWUimycsS8+KZdTCyKzBFhGOoKk7q+QHl8D8EPlG4OpW3rp7GT7Bx
Ybwqe1f7wvImtsvpa570YDVt9Vak9xndA2W6hCNeByFyC6rCD2DpMg2LbpXQz/uw
/nwIjD6+wMbo927eFVxdLYFuBZYTxwXVaYXpvMJQR2sbKR8WkDsp2i//HUP0wZLP
yxBR37DoxUD35N3yfvW4UQ0BDOPAHFRwZ7+e4zywNKbMHNY2NZ0w/Q2u0bQ45/kn
pQhiZdceVqISATEhjUOG96nDgIjFWWflnKrVdx5a8JjcBeEzicYCJg==
=mWkJ
-----END PGP SIGNATURE-----