CA eTrust Intrusion Detection CallCode ActiveX vulnerability

Added: 08/09/2007
CVE: CVE-2007-3302
BID: 25050
OSVDB: 37698

Background

CA eTrust Intrusion Detection includes the CallCode (**Caller.dll**) ActiveX control.

Problem

The CallCode ActiveX control is incorrectly marked safe for scripting. This ActiveX control contains scriptable functions which, if a user loads an attacker’s web page, could be used to load arbitrary DLLs and execute the code contained within.

Resolution

Apply update QO89893 for eTrust Intrusion Detection 3.0 or QO89881 for eTrust Intrusion Detection 3.0 SP1.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568&gt;
<http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp&gt;

Limitations

Exploit works on CA eTrust Intrusion Detection 3.0 SP1 and requires a user to load the exploit page into Internet Explorer.

In order for this exploit to succeed, the SAINTexploit host must be able to bind to port 69/UDP, and the target host must have access to it.

Platforms

Windows