CVE-2007-3302
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."
El control de ActiveX CallCode en el caller.dll 3.0 anterior al 20070713 y el 3.0 SP1 anterior al 3.0.5.81, en el CA (antiguamente conocido como Computer Associates) eTrust Intrusion Detection permite a atacantes remotos la carga de DLLs de su elección en un sistema cliente, y ejecutar código desde esas DLLs mediante "funciones incluida en secuencias de comandos" sin especificar.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-20 CVE Reserved
- 2007-07-26 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/474599/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1018447 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/2640 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35565 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568 | 2021-04-09 | |
| http://secunia.com/advisories/26134 | 2021-04-09 | |
| http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp | 2021-04-09 | |
| http://www.securityfocus.com/bid/25050 | 2021-04-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Etrust Intrusion Detection Search vendor "Broadcom" for product "Etrust Intrusion Detection" | 3.0 Search vendor "Broadcom" for product "Etrust Intrusion Detection" and version "3.0" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Etrust Intrusion Detection Search vendor "Ca" for product "Etrust Intrusion Detection" | 3.0 Search vendor "Ca" for product "Etrust Intrusion Detection" and version "3.0" | sp1 |
Affected
| ||||||
| Ca Search vendor "Ca" | Etrust Intrusion Detection Search vendor "Ca" for product "Etrust Intrusion Detection" | 3.05.81 Search vendor "Ca" for product "Etrust Intrusion Detection" and version "3.05.81" | - |
Affected
| ||||||