CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls

Issued: June 8, 2010

CA Technologies support is alerting users to multiple security risks with the PSFormX and WebScan ActiveX controls previously available from the CA Global Security Advisor site. Multiple vulnerabilities exist that can potentially allow a remote attacker to execute arbitrary code. The vulnerabilities, CVE-2010-2193, are due to insufficient verification of input parameters. CA issued a single replacement ActiveX control for both affected controls in May of 2009. These controls are not included in any CA product.

Risk Rating

High

Platform

Windows

Affected Products

PSFormX ActiveX control with CLSID {56393399-041A-4650-94C7-13DFCB1F4665}

WebScan ActiveX control with CLSID {7B297BFD-85E4-4092-B2AF-16A91B2EA103}

How to determine if the installation is affected

  1. Using a registry editor, check for either of the following keys:

    PSFormX ActiveX control
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665}]

    WebScan ActiveX control
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}]

  2. For each key present, determine if the kill bit is set as described in the solution section. If the kill bit is not set, the installation may be vulnerable.

Solution

The PSFormX and WebScan ActiveX controls were retired from the CA Global Security Advisor site in May of 2009.

To prevent the PSFormX and WebScan controls from running, set the kill bit for the controls in the registry. Note: review Microsoft KB article 240797 prior to updating the registry.

PSFormX ActiveX control

Create a DWORD with the name of "Compatibility Flags" containing the value 0x00000400 in the following registry key. If the key does not exist, create it under the following location:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{56393399-041A-4650-94C7-13DFCB1F4665}]

WebScan ActiveX control

Create a DWORD with the name of "Compatibility Flags" containing the value 0x00000400 in the following registry key. If the key does not exist, create it under the following location:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}]
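
The check described under "How to determine if the installation is affected" can be scripted. The following PowerShell is an added example, not code supplied by CA; it uses the two CLSIDs from this advisory written with literal braces. The Wow6432Node root and the state names it reports are additions made for this example and do not appear in the advisory.

```powershell
# Added example (not CA's code): report kill-bit state for the two CLSIDs in this advisory.
$KillBit = 0x00000400   # value the advisory says to store in "Compatibility Flags"
$Controls = [ordered]@{
    'PSFormX' = '{56393399-041A-4650-94C7-13DFCB1F4665}'
    'WebScan' = '{7B297BFD-85E4-4092-B2AF-16A91B2EA103}'
}
# The first root is the one given in the advisory. The Wow6432Node root is an
# addition here: it is the view 32-bit Internet Explorer reads on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitStatus {
    param([string]$Root, [string]$Name, [string]$Clsid)
    $key   = Join-Path $Root $Clsid
    $flags = $null
    if (-not (Test-Path -LiteralPath $key)) {
        $state = 'KeyAbsent'
    } else {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $state = 'NoCompatibilityFlags'
        } else {
            $flags = $prop.'Compatibility Flags'
            # Test only the kill bit; other compatibility flags may be set as well.
            $state = if (($flags -band $KillBit) -eq $KillBit) { 'KillBitSet' } else { 'KillBitNotSet' }
        }
    }
    [pscustomobject]@{
        Control = $Name
        State   = $state
        Flags   = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { $null }
        Key     = $key
    }
}

$report = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. no Wow6432Node on 32-bit Windows
    foreach ($c in $Controls.GetEnumerator()) {
        Get-KillBitStatus -Root $root -Name $c.Key -Clsid $c.Value
    }
}
$report | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session on 64-bit Windows so that the two roots are not redirected to the same registry view. Any row other than KillBitSet means the kill bit described in the Solution section is not in place for that key.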

References

CVE-2010-2193 - PSFormX ActiveX and WebScan ActiveX controls input verification

Acknowledgement

CVE-2010-2193 - Elazar Broad, Trancek

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support at http://support.ca.com.

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.
