[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1335FF3F144C424F839EFBA7AD8A56E0097F2C0D@USILMS12.ca.com>
Date: Wed, 9 Jun 2010 12:54:03 -0400
From: "Kotas, Kevin J" <Kevin.Kotas@...com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: CA20100608-01: Security Notice for CA PSFormX and
WebScan ActiveX Controls
-----BEGIN PGP SIGNED MESSAGE-----
CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX
Controls
Issued: June 8, 2010
CA Technologies support is alerting users to multiple security risks
with the PSFormX and WebScan ActiveX controls previously available
from the CA Global Security Advisor site. Multiple vulnerabilities
exist that can potentially allow a remote attacker to execute
arbitrary code. The vulnerabilities, CVE-2010-2193, are due to
insufficient verification of input parameters. CA has issued a
single replacement ActiveX control for both affected controls in
May of 2009. These controls are not included in any CA product.
Risk Rating
High
Platform
Windows
Affected Products
PSFormX ActiveX control with CLSID
{56393399-041A-4650-94C7-13DFCB1F4665}
WebScan ActiveX control with CLSID
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}
How to determine if the installation is affected
1. Using a registry editor, check for either of the following keys:
PSFormX ActiveX control
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665}]
WebScan ActiveX control
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}]
2. For each key present, determine if the kill bit is set as
described in the solution section. If the kill bit is not set, the
installation may be vulnerable.
Solution
The PSFormX and WebScan ActiveX controls were retired from the CA
Global Security Advisor site in May of 2009.
To disable the PSFormX and WebScan controls from running, set the
kill bit for the controls in the registry. Note: review Microsoft
KB article 240797 prior updating the registry.
PSFormX ActiveX control
Create a DWORD with the name of "Compatibility Flags" containing the
value 0x00000400 in the following registry key. If the key does not
exist, create it under the following location:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665}]
WebScan ActiveX control
Create a DWORD with the name of "Compatibility Flags" containing the
value 0x00000400 in the following registry key. If the key does not
exist, create it under the following location:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}]
References
CVE-2010-2193 - PSFormX ActiveX and WebScan ActiveX controls input
verification
CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX
Controls
(line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=23
8635
Acknowledgement
CVE-2010-2193 - Elazar Broad, Trancek
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies
Support at http://support.ca.com/
If you discover a vulnerability in a CA Technologies product, please
report your findings to the CA Technologies Product Vulnerability
Response Team.
(line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17
7782
Kevin Kotas
CA Technologies Product Vulnerability Response Team
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQEVAwUBTA++gJI1FvIeMomJAQGYBwf/WMP4jOWP9/9FmimtOFQso8zUTSCPLMcN
Qh5No2bw3T3VWUimycsS8+KZdTCyKzBFhGOoKk7q+QHl8D8EPlG4OpW3rp7GT7Bx
Ybwqe1f7wvImtsvpa570YDVt9Vak9xndA2W6hCNeByFyC6rCD2DpMg2LbpXQz/uw
/nwIjD6+wMbo927eFVxdLYFuBZYTxwXVaYXpvMJQR2sbKR8WkDsp2i//HUP0wZLP
yxBR37DoxUD35N3yfvW4UQ0BDOPAHFRwZ7+e4zywNKbMHNY2NZ0w/Q2u0bQ45/kn
pQhiZdceVqISATEhjUOG96nDgIjFWWflnKrVdx5a8JjcBeEzicYCJg==
=mWkJ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists