CA PSFormX and WebScan ActiveX Controls Security Notice

2010.06.15
Risk: High
Local: No
Remote: Yes


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

-----BEGIN PGP SIGNED MESSAGE----- CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls Issued: June 8, 2010 CA Technologies support is alerting users to multiple security risks with the PSFormX and WebScan ActiveX controls previously available from the CA Global Security Advisor site. Multiple vulnerabilities exist that can potentially allow a remote attacker to execute arbitrary code. The vulnerabilities, CVE-2010-2193, are due to insufficient verification of input parameters. CA has issued a single replacement ActiveX control for both affected controls in May of 2009. These controls are not included in any CA product. Risk Rating High Platform Windows Affected Products PSFormX ActiveX control with CLSID {56393399-041A-4650-94C7-13DFCB1F4665} WebScan ActiveX control with CLSID {7B297BFD-85E4-4092-B2AF-16A91B2EA103} How to determine if the installation is affected 1. Using a registry editor, check for either of the following keys: PSFormX ActiveX control [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet ExplorerActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665}] WebScan ActiveX control [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet ExplorerActiveX Compatibility\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}] 2. For each key present, determine if the kill bit is set as described in the solution section. If the kill bit is not set, the installation may be vulnerable. Solution The PSFormX and WebScan ActiveX controls were retired from the CA Global Security Advisor site in May of 2009. To disable the PSFormX and WebScan controls from running, set the kill bit for the controls in the registry. Note: review Microsoft KB article 240797 prior updating the registry. PSFormX ActiveX control Create a DWORD with the name of "Compatibility Flags" containing the value 0x00000400 in the following registry key. If the key does not exist, create it under the following location: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet ExplorerActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665}] WebScan ActiveX control Create a DWORD with the name of "Compatibility Flags" containing the value 0x00000400 in the following registry key. If the key does not exist, create it under the following location: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet ExplorerActiveX Compatibility\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}] References CVE-2010-2193 - PSFormX ActiveX and WebScan ActiveX controls input verification CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls (line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=23 8635 Acknowledgement CVE-2010-2193 - Elazar Broad, Trancek Change History Version 1.0: Initial Release If additional information is required, please contact CA Technologies Support at http://support.ca.com/ If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Technologies Product Vulnerability Response Team. (line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Technologies Product Vulnerability Response Team -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBTA++gJI1FvIeMomJAQGYBwf/WMP4jOWP9/9FmimtOFQso8zUTSCPLMcN Qh5No2bw3T3VWUimycsS8+KZdTCyKzBFhGOoKk7q+QHl8D8EPlG4OpW3rp7GT7Bx Ybwqe1f7wvImtsvpa570YDVt9Vak9xndA2W6hCNeByFyC6rCD2DpMg2LbpXQz/uw /nwIjD6+wMbo927eFVxdLYFuBZYTxwXVaYXpvMJQR2sbKR8WkDsp2i//HUP0wZLP yxBR37DoxUD35N3yfvW4UQ0BDOPAHFRwZ7+e4zywNKbMHNY2NZ0w/Q2u0bQ45/kn pQhiZdceVqISATEhjUOG96nDgIjFWWflnKrVdx5a8JjcBeEzicYCJg== =mWkJ -----END PGP SIGNATURE-----

References:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=238635
http://www.securityfocus.com/bid/40689
http://www.securityfocus.com/bid/40494
http://www.securityfocus.com/archive/1/archive/1/511764/100/0/threaded


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top