QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1036

Published: Feb 25, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

http://www.zerodayinitiative.com/advisories/ZDI-11-093

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SREASON

20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

ca-products-activex-file-overwrite(65632)

vdb-entry

x_refsource_XF

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.