search cancel

ARD - Need to remove remediate VC++ dll files with security vulnerabilities

book

Article ID: 189120

calendar_today

Updated On:

Products

CA Agile Requirements Designer

Issue/Introduction

Our security team has flagged our ARD 3.0.5.5 system as being at risk for a security vulnerability. The cause of the security failure, is the msvcr100.dll, which is used by Microsoft Visual C++ 2010. Are there any requirements or dependencies that ARD 3.0.5.5 has related to Visual C++ 2010. We need assistance in removing or remediating this issue.

 

 

Cause

The DLL in question is the msvcr100.dll, which is a Microsoft Visual C++ 2010 dll.  The dll version 10.0.30319 is the base Microsoft Visual C++ 2010 Redistributed installation; the 10.0.40219 release is from the Microsoft Visual C++ 2010 Redistributed Service Pack 1 installation.

See Microsoft's KB2565063 -https://support.microsoft.com/en-us/help/2565063/ms11-025-description-of-the-security-update-for-visual-c-2010-service, regarding the Security Update for the Service Pack 1.

Environment

Release : 3.0.5.5

Component : CA Agile Requirements Designer

Resolution

I check our ARD Product Development team, and they confirmed that ARD 3.0.5.5 Studio doesn't have any requirements for Visual C++ 2010. However, we do require the NET Framework 4.5, and Visual C++ 2017 Redistributable x64 (14.10.25008 or higher) be installed for the ARD Studio to properly function.

You can safely uninstall Visual C++ 2010 from the ARD system, as long as the .NET Framework and Visual C++ 2017 installations are intact.

Additional Information

Agile Requirements Designer 3.0 - Verify ARD Installation Prerequisites - https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/continuous-testing/agile-requirements-designer/3-0/installing/verify-installation-prerequisites.html