SupportConnect - Security Notice for eTrust Intrusion Detection caller.dll vulnerability

Security Notice for eTrust Intrusion Detection caller.dll vulnerability

Last Updated: July 25, 2007

CA's customer support is alerting customers to a security risk in eTrust Intrusion Detection. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued updates to address the vulnerability.

The vulnerability, CVE-2007-3302, is due to the caller.dll ActiveX control being marked safe for scripting, which lets any web page rendered by Internet Explorer instantiate and script the control. An attacker who can lure a user into visiting a malicious website can potentially gain complete control of an affected installation, running with the privileges of the user who visited the page.

Risk Rating

High

Affected Products

eTrust Intrusion Detection 3.0
eTrust Intrusion Detection 3.0 SP1

How to determine if the installation is affected

For Windows:

  1. Using Windows Explorer, locate the file "caller.dll". By default, the file is located in the "C:\Program Files\CA\eTrust Intrusion Detection\Common" directory.

  2. Right click on the file and select Properties.

  3. For eTrust Intrusion Detection 3.0 SP1, select the Version tab. For eTrust Intrusion Detection 3.0, select the General tab instead: the 3.0 build of caller.dll carries no version information, so it is identified by its modification date and size.

  4. If the file version or date is earlier than indicated in the table below, the installation is vulnerable.
  Release   File         File Version   File Date, Size
  3.0       caller.dll   NA             7/13/2007, 32768 bytes
  3.0 SP1   caller.dll   3.0.5.81       NA
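The same check, scripted for fleet-wide use. This is an added example, not a CA tool: it encodes the table above (3.0 SP1 is fixed at file version 3.0.5.81; the 3.0 fix has no version resource and is recognised by its 7/13/2007 date and 32768-byte size) and assumes the default install path under Program Files. Pass -Path to check a non-default installation.

```powershell
# Added example (not CA's own tooling). Classifies the installed caller.dll
# against the fixed-build table in this advisory.
$FixedSp1Version = [version]'3.0.5.81'          # 3.0 SP1 row of the table
$FixedGaDate     = [datetime]'2007-07-13'       # 3.0 row: file date of the fixed build
$FixedGaSize     = 32768                        # 3.0 row: file size of the fixed build
$DefaultPath     = Join-Path ${env:ProgramFiles} 'CA\eTrust Intrusion Detection\Common\caller.dll'

function Test-CallerDll {
    param([string]$Path = $DefaultPath)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'NotInstalled'; Detail = 'caller.dll not present' }
    }

    $file = Get-Item -LiteralPath $Path
    $vi   = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($file.FullName)
    # Build a comparable version; all parts are 0 when the DLL has no version resource.
    $ver  = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

    if ($ver -gt [version]'0.0.0.0') {
        # A version resource is present: judge by version, as on the Version tab (3.0 SP1 row).
        $status = if ($ver -ge $FixedSp1Version) { 'Fixed' } else { 'Vulnerable' }
        $detail = "file version $ver (fixed build: $FixedSp1Version)"
    } else {
        # No version resource: judge by date, as on the General tab (3.0 row).
        # Size is reported for comparison but not used as the deciding factor.
        $status = if ($file.LastWriteTime.Date -ge $FixedGaDate.Date) { 'Fixed' } else { 'Vulnerable' }
        $detail = "file date $($file.LastWriteTime.ToString('M/d/yyyy')), size $($file.Length) bytes " +
                  "(fixed build: $($FixedGaDate.ToString('M/d/yyyy')), $FixedGaSize bytes)"
    }

    [pscustomobject]@{ Path = $file.FullName; Status = $status; Detail = $detail }
}

# Usage: run on each host and collect the Status column.
Test-CallerDll | Format-List
```

A 'Vulnerable' result means the file predates the fixed build listed in the table; a 'NotInstalled' result on a host that does have eTrust Intrusion Detection installed means the product was installed to a non-default path and the check should be re-run with -Path.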

Solution

CA has provided an update to address the vulnerability.

eTrust Intrusion Detection 3.0:

Apply QO89893.

eTrust Intrusion Detection 3.0 SP1:

Apply QO89881.

Workaround

As a workaround until the update can be applied, set the kill bit on the caller.dll ActiveX control. The kill bit prevents Internet Explorer from instantiating the control; it does not remove the control from the system, so the update should still be applied.

Note: Before proceeding, review the following Microsoft knowledge base article on disabling ActiveX controls:

http://support.microsoft.com/kb/240797

  1. Using the registry editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{41266C21-18D8-414B-88C0-8DCA6C25CEA0}. If the key does not exist, create it.

  2. Create a DWORD value named "Compatibility Flags" with a value data of 0x00000400.

  3. Restart Internet Explorer.
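The kill-bit workaround as a script, with a read-back so the change can be verified. This is an added example, not a CA tool. It uses the CLSID from step 1 and the 0x400 Compatibility Flags value from step 2; the Wow6432Node path is an assumption added for 64-bit Windows, where 32-bit Internet Explorer reads its ActiveX Compatibility keys from that hive, as described in the Microsoft article above. Run from an elevated prompt.

```powershell
# Added example (not CA's own tooling). Sets and verifies the IE kill bit for
# the caller.dll control identified in this advisory.
$Clsid   = '{41266C21-18D8-414B-88C0-8DCA6C25CEA0}'
$KillBit = 0x400                                    # Compatibility Flags value from step 2

# Native key, plus the Wow6432Node key read by 32-bit IE on 64-bit Windows (assumption).
$KeyPaths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if ([Environment]::Is64BitOperatingSystem) {
    $KeyPaths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Get-CompatibilityFlags {
    param([string]$KeyPath)
    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.'Compatibility Flags'
}

function Set-CallerDllKillBit {
    foreach ($key in $KeyPaths) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null          # step 1: create the key if missing
        }
        # OR the kill bit into any flags already present rather than overwriting them.
        $flags = (Get-CompatibilityFlags -KeyPath $key) -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $flags -Force | Out-Null   # step 2
    }
}

function Test-CallerDllKillBit {
    # True only if every applicable key carries the kill bit.
    foreach ($key in $KeyPaths) {
        if (((Get-CompatibilityFlags -KeyPath $key) -band $KillBit) -ne $KillBit) { return $false }
    }
    return $true
}

Set-CallerDllKillBit
"Kill bit set for $Clsid : $(Test-CallerDllKillBit)"
# Step 3: restart Internet Explorer so the new flags take effect.
```

Test-CallerDllKillBit can be run on its own afterwards to confirm the workaround is still in place, for example from a compliance check, without modifying the registry.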

References

CVE-2007-3302 eTrust Intrusion Detection caller.dll ActiveX control

Acknowledgement

CVE-2007-3302 - Sebastian Apelt working with the iDefense VCP.

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technical Support at http://supportconnect.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at https://www.ca.com/us/securityadvisor/vulninfo/submit.aspx.