Vulnerability Details: CVE-2007-3302
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2007-3302
Probability of exploitation activity in the next 30 days: 94.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~99%
CVSS scores for CVE-2007-3302
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
References for CVE-2007-3302
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35565
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568 (Patch)
- http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp (Patch)
- http://www.securityfocus.com/archive/1/474599/100/0/threaded
- http://www.vupen.com/english/advisories/2007/2640
- http://www.securitytracker.com/id?1018447
- http://www.securityfocus.com/bid/25050 (Patch)
Products affected by CVE-2007-3302
- cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:ca:etrust_intrusion_detection:3.05.81:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*