Vulnerabilities > CVE-2007-3302
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 2 |
Saint
| bid | 25050 |
| description | CA eTrust Intrusion Detection CallCode ActiveX vulnerability |
| id | misc_av_caetrustcaller |
| osvdb | 37698 |
| title | ca_etrust_id_callcode |
| type | client |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 25050 CVE(CAN) ID: CVE-2007-3302 CA的eTrust Intrusion Detection是功能强大的基于网络的入侵检测系统。 eTrust Intrusion Detection的ActiveX控制实现上存在漏洞,远程攻击者可能利用此漏洞控制用户系统。 在安装eTrust Intrusion Detection时会注册以下ActiveX控件: 文件:Caller.dll Clsid:41266C21-18D8-414B-88C0-8DCA6C25CEA0 这个控件中的多个函数允许恶意的网页加载任意DLL并使用可控的参数调用导出,因此允许攻击者以登录用户的权限执行任意指令。 Computer Associates eTrust Intrusion Detection 3.0 SP1 Computer Associates eTrust Intrusion Detection 3.0 临时解决方法: 1 使用注册表编辑器导航到HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{41266C21-18D8-414B-88C0-8DCA6C25CEA0}。如果该键不存在的话,请创建 2 创建名为Compatibility Flags的DWORD值,并设置为0x00000400 3 重启Internet Explorer 厂商补丁: Computer Associates ------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89893" target="_blank">http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89893</a> <a href="http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89881" target="_blank">http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89881</a> |
| id | SSV:2039 |
| last seen | 2017-11-19 |
| modified | 2007-07-26 |
| published | 2007-07-26 |
| reporter | Root |
| title | CA ETrust Intrusion Detection Caller.dll控件远程代码执行漏洞 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568
- http://secunia.com/advisories/26134
- http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811
- http://www.securityfocus.com/archive/1/474599/100/0/threaded
- http://www.securityfocus.com/bid/25050
- http://www.securitytracker.com/id?1018447
- http://www.vupen.com/english/advisories/2007/2640
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35565