CVE-2007-3302 - The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (

CVE-2007-3302

Summary

The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."

References

Vulnerable Configurations

cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_intrusion_detection:3.05.81:*:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_intrusion_detection:3.05.81:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 09-04-2021 - 14:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	25050
bugtraq	20070725 [CAID 35524]: CA eTrust Intrusion Detection caller.dll Vulnerability
confirm	http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811
idefense	20070724 Computer Associates eTrust Intrusion Detection CallCode ActiveX Control Code Execution Vulnerability
sectrack	1018447
secunia	26134
vupen	ADV-2007-2640
xf	ca-etrust-caller-code-execution(35565)

saint via4

bid	25050
description	CA eTrust Intrusion Detection CallCode ActiveX vulnerability
id	misc_av_caetrustcaller
osvdb	37698
title	ca_etrust_id_callcode
type	client

Last major update

09-04-2021 - 14:32

Published

26-07-2007 - 00:30

Last modified

09-04-2021 - 14:32