CVE-2011-1036
Last modified
CVE-2011-1036 is a vulnerability of currently unknown severity. The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.. EPSS estimates a 2.55% chance of exploitation in the next 30 days.
Description
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ca | Host-Based Intrusion Prevention System | 8.1 |
| Ca | Internet Security Suite 2010 | All versions |
| Ca | Internet Security Suite 2011 | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-1036?
How severe is CVE-2011-1036?
How do I fix CVE-2011-1036?
Are you affected by CVE-2011-1036?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST