ARD - Need to remove remediate VC++ dll files with security vulnerabilities
book
Article ID: 189120
calendar_today
Updated On:
Products
CA Agile Requirements Designer
Issue/Introduction
Our security team has flagged our ARD 3.0.5.5 system as being at risk for a security vulnerability. The cause of the security failure, is the msvcr100.dll, which is used by Microsoft Visual C++ 2010. Are there any requirements or dependencies that ARD 3.0.5.5 has related to Visual C++ 2010. We need assistance in removing or remediating this issue.
Environment
Release : 3.0.5.5
Component : CA Agile Requirements Designer
Cause
The DLL in question is the msvcr100.dll, which is a Microsoft Visual C++ 2010 dll. The dll version 10.0.30319 is the base Microsoft Visual C++ 2010 Redistributed installation; the 10.0.40219 release is from the Microsoft Visual C++ 2010 Redistributed Service Pack 1 installation.
I check our ARD Product Development team, and they confirmed that ARD 3.0.5.5 Studio doesn't have any requirements for Visual C++ 2010. However, we do require the NET Framework 4.5, and Visual C++ 2017 Redistributable x64 (14.10.25008 or higher) be installed for the ARD Studio to properly function.
You can safely uninstall Visual C++ 2010 from the ARD system, as long as the .NET Framework and Visual C++ 2017 installations are intact.