Check Point Advisories

CA Multiple Products gui_cm_ctrls ActiveX Control Memory Corruption (CVE-2008-1786)

Vulnerability
Protection

Check Point Reference:	CPAI-2008-288
Date Published:	21 Feb 2010
Severity:	Medium
Last Updated:	Sunday 21 February, 2010
Source:
Industry Reference:	CVE-2008-1786
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	CA (Computer Associates) provides a group of products intended for enhancing the security of enterprise as well as individual clients. A memory corruption vulnerability exists in CA Multiple Products. The issue is due to an insufficient verification of function arguments. A remote attacker could exploit the vulnerability via a crafted web page. Successful exploitation might lead to execution of arbitrary code in the security context of the currently logged in user. In case of an attack where code execution is successful, the behavior of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In case of an attack where code execution is unsuccessful, Internet Explorer may terminate abnormally.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the CA Multiple Products gui_cm_ctrls ActiveX Control Memory Corruption protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Client Enforcement Violation.
Attack Information: CA multiple products gui_cm_ctrls ActiveX control memory corruption