CVE-2011-1036 Information

Description

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88 and the client before 1.6.450 in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine and execute this program via vectors involving the SetXml and Save methods.

Reference

http://secunia.com/advisories/43377
http://secunia.com/advisories/43490
http://securityreason.com/securityalert/8106
http://www.securityfocus.com/archive/1/516649/100/0/threaded
http://www.securityfocus.com/archive/1/516687/100/0/threaded
http://www.securityfocus.com/bid/46539
http://www.securitytracker.com/id?1025120
http://www.vupen.com/english/advisories/2011/0496
http://www.zerodayinitiative.com/advisories/ZDI-11-093
https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4
