CVE-2011-1036

Published Feb 25, 2011

Last updated a year ago

Overview

Description: The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.8
Impact score: 9.2
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4924C835-EBFB-4B03-95A0-5FF7242D9A41"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62567F6E-86F1-4A74-903F-8DADEDD61F23"
          },
          {
            "criteria": "cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70377A35-C09D-450C-9AEC-68421FEE1927"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References