Computer Associates eTrust Intrusion Detection is a network intrusion
management and prevention system, that includes real-time session
monitoring and Internet web filtering capabilities. More information
can be found on the vendor's site at the following URL.
Remote exploitation of a design error vulnerability in Computer
Associates International Inc.'s (CA) eTrust Intrusion Detection allows
attackers to execute arbitrary code.
When eTrust Intrusion Detection is installed it registers the following
ActiveX control as safe for scripting:
This control contains a series of scriptable functions which allow
malicious web pages to load arbitrary DLLs and call their exports with
controlled parameters.
III. ANALYSIS
Exploitation allows an attacker to execute code with the privileges of
the currently logged on user. The user would have to be lured into
visiting a malicious web page.
IV. DETECTION
iDefense has confirmed that CA eTrust Intrusion Detection version 3.0.5
on Windows is vulnerable. The file version of caller.dll tested was
3.0.5.55.
V. WORKAROUND
Setting the kill-bit for this control will prevent it from being loaded
within Internet Explorer.
VI. VENDOR RESPONSE
Computer Associates has addressed this vulnerability by releasing an
update. More information can be found from their advisory at the
following URL.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-3302 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
{"id": "SECURITYVULNS:DOC:17602", "bulletinFamily": "software", "title": "iDefense Security Advisory 07.24.07: Computer Associates eTrust Intrusion Detection CallCode ActiveX Control Code Execution Vulnerability", "description": "Computer Associates eTrust Intrusion Detection CallCode ActiveX Control\r\nCode Execution Vulnerability\r\n\r\niDefense Security Advisory 07.24.07\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJul 24, 2007\r\n\r\nI. BACKGROUND\r\n\r\nComputer Associates eTrust Intrusion Detection is a network intrusion\r\nmanagement and prevention system, that includes real-time session\r\nmonitoring and Internet web filtering capabilities. More information\r\ncan be found on the vendor's site at the following URL.\r\n\r\nhttp://supportconnectw.ca.com/public/etrust/etrust_intrusion/etrustintrusion_supp.asp\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a design error vulnerability in Computer\r\nAssociates International Inc.'s (CA) eTrust Intrusion Detection allows\r\nattackers to execute arbitrary code.\r\n\r\nWhen eTrust Intrusion Detection is installed it registers the following\r\nActiveX control as safe for scripting:\r\n\r\n File: Caller.dll\r\n Clsid: 41266C21-18D8-414B-88C0-8DCA6C25CEA0\r\n\r\nThis control contains a series of scriptable functions which allow\r\nmalicious web pages to load arbitrary DLLs and call their exports with\r\ncontrolled parameters.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation allows an attacker to execute code with the privileges of\r\nthe currently logged on user. The user would have to be lured into\r\nvisiting a malicious web page.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed that CA eTrust Intrusion Detection version 3.0.5\r\non Windows is vulnerable. The file version of caller.dll tested was\r\n3.0.5.55.\r\n\r\nV. WORKAROUND\r\n\r\nSetting the kill-bit for this control will prevent it from being loaded\r\nwithin Internet Explorer.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nComputer Associates has addressed this vulnerability by releasing an\r\nupdate. More information can be found from their advisory at the\r\nfollowing URL.\r\n\r\nhttp://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2007-3302 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n06/20/2007 Initial vendor notification\r\n06/20/2007 Initial vendor response\r\n07/24/2007 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Sebastian Apelt.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2007 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "published": "2007-07-25T00:00:00", "modified": "2007-07-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17602", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2007-3302"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:22", "edition": 1, "viewCount": 6, "enchantments": {"score": {"value": 7.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2007-117"]}, {"type": "cve", "idList": ["CVE-2007-3302"]}, {"type": "saint", "idList": ["SAINT:44DBC1363AF45B9D20D17057BB30AE86", "SAINT:5B62BBBDD01D2B99D3E4FE61213C4BE9", "SAINT:6B83770CE10467878B8724E223440696", "SAINT:6F09E343FED80B69E079401274E41C6C"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17604", "SECURITYVULNS:VULN:7976"]}, {"type": "seebug", "idList": ["SSV:2039"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2007-3302"]}, {"type": "saint", "idList": ["SAINT:44DBC1363AF45B9D20D17057BB30AE86"]}, {"type": "seebug", "idList": ["SSV:2039"]}]}, "exploitation": null, "vulnersScore": 7.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"saint": [{"lastseen": "2016-10-03T15:01:55", "description": "Added: 08/09/2007 \nCVE: [CVE-2007-3302](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3302>) \nBID: [25050](<http://www.securityfocus.com/bid/25050>) \nOSVDB: [37698](<http://www.osvdb.org/37698>) \n\n\n### Background\n\n[CA eTrust Intrusion Detection](<http://www.ca.com/us/products/product.aspx?id=163>) includes the CallCode (`**Caller.dll**`) ActiveX control. \n\n### Problem\n\nThe CallCode ActiveX control is incorrectly marked safe for scripting. This ActiveX control contains scriptable functions which, if a user loads an attacker's web page, could be used to load arbitrary DLLs and execute the code contained within. \n\n### Resolution\n\nApply update [QO89893](<http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO89893&startsearch=1>) for eTrust Intrusion Detection 3.0 or [QO89881](<http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO89881&startsearch=1>) for eTrust Intrusion Detection 3.0 SP1. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568> \n<http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp> \n\n\n### Limitations\n\nExploit works on CA eTrust Intrusion Detection 3.0 SP1 and requires a user to load the exploit page into Internet Explorer. \n\nIn order for this exploit to succeed, the SAINTexploit host must be able to bind to port 69/UDP, and the target host must have access to it. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2007-08-09T00:00:00", "type": "saint", "title": "CA eTrust Intrusion Detection CallCode ActiveX vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2007-3302"], "modified": "2007-08-09T00:00:00", "id": "SAINT:44DBC1363AF45B9D20D17057BB30AE86", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/ca_etrust_id_callcode", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-07-28T14:33:32", "description": "Added: 08/09/2007 \nCVE: [CVE-2007-3302](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3302>) \nBID: [25050](<http://www.securityfocus.com/bid/25050>) \nOSVDB: [37698](<http://www.osvdb.org/37698>) \n\n\n### Background\n\n[CA eTrust Intrusion Detection](<http://www.ca.com/us/products/product.aspx?id=163>) includes the CallCode (`**Caller.dll**`) ActiveX control. \n\n### Problem\n\nThe CallCode ActiveX control is incorrectly marked safe for scripting. This ActiveX control contains scriptable functions which, if a user loads an attacker's web page, could be used to load arbitrary DLLs and execute the code contained within. \n\n### Resolution\n\nApply update [QO89893](<http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO89893&startsearch=1>) for eTrust Intrusion Detection 3.0 or [QO89881](<http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO89881&startsearch=1>) for eTrust Intrusion Detection 3.0 SP1. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568> \n<http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp> \n\n\n### Limitations\n\nExploit works on CA eTrust Intrusion Detection 3.0 SP1 and requires a user to load the exploit page into Internet Explorer. \n\nIn order for this exploit to succeed, the SAINTexploit host must be able to bind to port 69/UDP, and the target host must have access to it. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2007-08-09T00:00:00", "type": "saint", "title": "CA eTrust Intrusion Detection CallCode ActiveX vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3302"], "modified": "2007-08-09T00:00:00", "id": "SAINT:6B83770CE10467878B8724E223440696", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/ca_etrust_id_callcode", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T16:40:31", "description": "Added: 08/09/2007 \nCVE: [CVE-2007-3302](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3302>) \nBID: [25050](<http://www.securityfocus.com/bid/25050>) \nOSVDB: [37698](<http://www.osvdb.org/37698>) \n\n\n### Background\n\n[CA eTrust Intrusion Detection](<http://www.ca.com/us/products/product.aspx?id=163>) includes the CallCode (`**Caller.dll**`) ActiveX control. \n\n### Problem\n\nThe CallCode ActiveX control is incorrectly marked safe for scripting. This ActiveX control contains scriptable functions which, if a user loads an attacker's web page, could be used to load arbitrary DLLs and execute the code contained within. \n\n### Resolution\n\nApply update [QO89893](<http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO89893&startsearch=1>) for eTrust Intrusion Detection 3.0 or [QO89881](<http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO89881&startsearch=1>) for eTrust Intrusion Detection 3.0 SP1. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568> \n<http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp> \n\n\n### Limitations\n\nExploit works on CA eTrust Intrusion Detection 3.0 SP1 and requires a user to load the exploit page into Internet Explorer. \n\nIn order for this exploit to succeed, the SAINTexploit host must be able to bind to port 69/UDP, and the target host must have access to it. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2007-08-09T00:00:00", "type": "saint", "title": "CA eTrust Intrusion Detection CallCode ActiveX vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3302"], "modified": "2007-08-09T00:00:00", "id": "SAINT:6F09E343FED80B69E079401274E41C6C", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/ca_etrust_id_callcode", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-26T11:33:55", "description": "Added: 08/09/2007 \nCVE: [CVE-2007-3302](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3302>) \nBID: [25050](<http://www.securityfocus.com/bid/25050>) \nOSVDB: [37698](<http://www.osvdb.org/37698>) \n\n\n### Background\n\n[CA eTrust Intrusion Detection](<http://www.ca.com/us/products/product.aspx?id=163>) includes the CallCode (`**Caller.dll**`) ActiveX control. \n\n### Problem\n\nThe CallCode ActiveX control is incorrectly marked safe for scripting. This ActiveX control contains scriptable functions which, if a user loads an attacker's web page, could be used to load arbitrary DLLs and execute the code contained within. \n\n### Resolution\n\nApply update [QO89893](<http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO89893&startsearch=1>) for eTrust Intrusion Detection 3.0 or [QO89881](<http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO89881&startsearch=1>) for eTrust Intrusion Detection 3.0 SP1. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568> \n<http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp> \n\n\n### Limitations\n\nExploit works on CA eTrust Intrusion Detection 3.0 SP1 and requires a user to load the exploit page into Internet Explorer. \n\nIn order for this exploit to succeed, the SAINTexploit host must be able to bind to port 69/UDP, and the target host must have access to it. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2007-08-09T00:00:00", "type": "saint", "title": "CA eTrust Intrusion Detection CallCode ActiveX vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3302"], "modified": "2007-08-09T00:00:00", "id": "SAINT:5B62BBBDD01D2B99D3E4FE61213C4BE9", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/ca_etrust_id_callcode", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:46:31", "description": "A remote code execution vulnerability has been reported in CA eTrust Intrusion Detection. CA eTrust Intrusion Detection is a network intrusion management and prevention system, that includes real-time session monitoring and Internet web filtering capabilities. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTML document or open a malicious web page. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded.", "cvss3": {}, "published": "2007-10-10T00:00:00", "type": "checkpoint_advisories", "title": "CA eTrust Intrusion Detection CallCode ActiveX Control Code Execution (CVE-2007-3302)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3302"], "modified": "2007-10-10T00:00:00", "id": "CPAI-2007-117", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:22", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nTitle: [CAID 35524]: eTrust Intrusion Detection caller.dll \r\nVulnerability\r\n\r\nCA Vuln ID (CAID): 35524\r\n\r\nCA Advisory Date: 2007-07-24\r\n\r\nReported By: Sebastian Apelt working with the iDefense VCP\r\n\r\nImpact: A remote attacker can execute arbitrary code.\r\n\r\nSummary: CA eTrust Intrusion Detection contains a vulnerability \r\nassociated with the caller.dll ActiveX control. The vulnerability, \r\nCVE-2007-3302, is due to the caller.dll ActiveX control being \r\nmarked safe for scripting. An attacker, who can lure a user into \r\nvisiting a malicious website, can potentially gain complete \r\ncontrol of an affected installation. \r\n\r\nMitigating Factors:\r\n1) Attack can only be executed if victim is using a web browser.\r\n2) Attacker must trick victim into visiting a malicious web page.\r\n3) Malicious code will be executed with privileges of currently \r\n logged in user.\r\n\r\nSeverity: CA has given this vulnerability a High risk rating.\r\n\r\nAffected Products:\r\neTrust Intrusion Detection 3.0\r\neTrust Intrusion Detection 3.0 SP1\r\n\r\nAffected Platforms:\r\nWindows\r\n\r\nStatus and Recommendation:\r\nCA has provided updates to address the vulnerabilities. \r\n\r\neTrust Intrusion Detection 3.0 - apply QO89893\r\n\r\neTrust Intrusion Detection 3.0 SP1 - apply QO89881\r\n\r\nHow to determine if you are affected:\r\nFor Windows:\r\n1. Using Windows Explorer, locate the file \u201ccaller.dll\u201d. By \r\n default, the file is located in the \r\n \u201cC:\Program Files\CA\eTrust Intrusion Detection\Common\u201d \r\n directory.\r\n2. Right click on the file and select Properties.\r\n3. For eTrust Intrusion Detection 3.0 SP1, select the Version tab, \r\n or, for eTrust Intrusion Detection 3.0, select the General tab.\r\n4. If the file version or date is earlier than indicated in the \r\n table below, the installation is vulnerable.\r\n\r\nFile Release File Version File Date, Size\r\ncaller.dll 3.0 NA 7/13/2007, 32768 bytes\r\ncaller.dll 3.0 SP1 3.0.5.81 NA\r\n\r\nWorkaround:\r\nAs a workaround solution, set the kill bit on the caller.dll \r\nActiveX control.\r\n\r\nNote: Before proceeding, review the following Microsoft knowledge \r\nbase article on disabling ActiveX controls:\r\nhttp://support.microsoft.com/kb/240797\r\n\r\n1. Using the registry editor, navigate to HKEY_LOCAL_MACHINE\\r\n SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\\r\n {41266C21-18D8-414B-88C0-8DCA6C25CEA0}. If the key does not \r\n exist, create it.\r\n2. Create a DWORD value named "Compatibility Flags" with a value \r\n data of 0x00000400.\r\n3. Restart Internet Explorer.\r\n\r\nReferences (URLs may wrap):\r\nCA SupportConnect:\r\nhttp://supportconnect.ca.com/\r\nSecurity Notice for eTrust Intrusion Detection caller.dll \r\nVulnerability\r\nhttp://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-c\r\nallervilnsecnot.asp\r\nSolution Document Reference APARs:\r\nQO89893, QO89881\r\nCA Security Advisor posting: \r\nCA eTrust Intrusion Detection caller.dll vulnerability\r\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811\r\nCA Vuln ID (CAID): 35524\r\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35524\r\nReported By: Sebastian Apelt working with the iDefense VCP\r\niDefense advisory: \r\nComputer Associates eTrust Intrusion Detection CallCode ActiveX \r\nControl Code Execution Vulnerability\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568\r\nCVE References:\r\nCVE-2007-3302\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3302\r\nOSVDB References: Pending\r\nhttp://osvdb.org/\r\n\r\nChangelog for this advisory:\r\nv1.0 - Initial Release\r\n\r\nCustomers who require additional information should contact CA\r\nTechnical Support at http://supportconnect.ca.com.\r\n\r\nFor technical questions or comments related to this advisory, \r\nplease send email to vuln AT ca DOT com.\r\n\r\nIf you discover a vulnerability in CA products, please report your\r\nfindings to vuln AT ca DOT com, or utilize our "Submit a \r\nVulnerability" form. \r\nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\r\n\r\n\r\nRegards,\r\nKen Williams ; 0xE2941985\r\nDirector, CA Vulnerability Research\r\n\r\nCA, 1 CA Plaza, Islandia, NY 11749\r\n \r\nContact http://www.ca.com/us/contact/\r\nLegal Notice http://www.ca.com/us/legal/\r\nPrivacy Policy http://www.ca.com/us/privacy/\r\nCopyright (c) 2007 CA. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 9.5.3 (Build 5003)\r\n\r\nwj8DBQFGpp5QeSWR3+KUGYURArfgAJ4j081YwylGplyT9S3zKo/zFQNP1QCeKoAV\r\nksmgrOztC75JswvTOO8Dy6w=\r\n=vteU\r\n-----END PGP SIGNATURE-----\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "cvss3": {}, "published": "2007-07-25T00:00:00", "title": "[Full-disclosure] [CAID 35524]: CA eTrust Intrusion Detection caller.dll Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-3302"], "modified": "2007-07-25T00:00:00", "id": "SECURITYVULNS:DOC:17604", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17604", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:18:02", "description": "CallCode ActiveX allows access to unsafe functions.", "edition": 2, "cvss3": {}, "published": "2007-07-25T00:00:00", "title": "Computer Associates eTrust Intrusion Detection code execution", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-3302"], "modified": "2007-07-25T00:00:00", "id": "SECURITYVULNS:VULN:7976", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7976", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T22:00:21", "description": "BUGTRAQ ID: 25050\r\nCVE(CAN) ID: CVE-2007-3302\r\n\r\nCA\u7684eTrust Intrusion Detection\u662f\u529f\u80fd\u5f3a\u5927\u7684\u57fa\u4e8e\u7f51\u7edc\u7684\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\u3002\r\n\r\neTrust Intrusion Detection\u7684ActiveX\u63a7\u5236\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n\u5728\u5b89\u88c5eTrust Intrusion Detection\u65f6\u4f1a\u6ce8\u518c\u4ee5\u4e0bActiveX\u63a7\u4ef6\uff1a \r\n\r\n \u6587\u4ef6\uff1aCaller.dll \r\n Clsid\uff1a41266C21-18D8-414B-88C0-8DCA6C25CEA0 \r\n\r\n\u8fd9\u4e2a\u63a7\u4ef6\u4e2d\u7684\u591a\u4e2a\u51fd\u6570\u5141\u8bb8\u6076\u610f\u7684\u7f51\u9875\u52a0\u8f7d\u4efb\u610fDLL\u5e76\u4f7f\u7528\u53ef\u63a7\u7684\u53c2\u6570\u8c03\u7528\u5bfc\u51fa\uff0c\u56e0\u6b64\u5141\u8bb8\u653b\u51fb\u8005\u4ee5\u767b\u5f55\u7528\u6237\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nComputer Associates eTrust Intrusion Detection 3.0 SP1\r\nComputer Associates eTrust Intrusion Detection 3.0\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n1 \u4f7f\u7528\u6ce8\u518c\u8868\u7f16\u8f91\u5668\u5bfc\u822a\u5230HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{41266C21-18D8-414B-88C0-8DCA6C25CEA0}\u3002\u5982\u679c\u8be5\u952e\u4e0d\u5b58\u5728\u7684\u8bdd\uff0c\u8bf7\u521b\u5efa\r\n2 \u521b\u5efa\u540d\u4e3aCompatibility Flags\u7684DWORD\u503c\uff0c\u5e76\u8bbe\u7f6e\u4e3a0x00000400\r\n3 \u91cd\u542fInternet Explorer\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nComputer Associates\r\n-------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89893\" target=\"_blank\">http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89893</a>\r\n<a href=\"http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89881\" target=\"_blank\">http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89881</a>", "cvss3": {}, "published": "2007-07-26T00:00:00", "title": "CA ETrust Intrusion Detection Caller.dll\u63a7\u4ef6\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2007-3302"], "modified": "2007-07-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2039", "id": "SSV:2039", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T12:29:43", "description": "The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified \"scriptable functions.\"", "cvss3": {}, "published": "2007-07-26T00:30:00", "type": "cve", "title": "CVE-2007-3302", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3302"], "modified": "2021-04-09T14:32:00", "cpe": ["cpe:/a:ca:etrust_intrusion_detection:3.05.81", "cpe:/a:ca:etrust_intrusion_detection:3.0", "cpe:/a:broadcom:etrust_intrusion_detection:3.0"], "id": "CVE-2007-3302", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3302", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ca:etrust_intrusion_detection:3.05.81:*:*:*:*:*:*:*"]}]}
