Vulnerability Details : CVE-2007-3302
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."
Vulnerability category: Execute code
Products affected by CVE-2007-3302
- cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:ca:etrust_intrusion_detection:3.05.81:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3302
94.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-3302
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2007-3302
-
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149811
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/35565
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=568
Patch
-
http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-callervilnsecnot.asp
Patch
-
http://www.securityfocus.com/archive/1/474599/100/0/threaded
-
http://www.vupen.com/english/advisories/2007/2640
-
http://www.securitytracker.com/id?1018447
-
http://www.securityfocus.com/bid/25050
Patch
Jump to