CA Host-Based Intrusion Prevention System XMLSecDB ActiveX Control Code Execution Vulnerability CVE-2011-1036

Severity: Not available
CVSSv3 Score: Not available

Vulnerability description

CA Host-Based Intrusion Prevention System (HIPS) is prone to a remote code-execution vulnerability.

Risk description

The flaw is caused by a design error in the XMLSecDB ActiveX control installed with the HIPSEngine component. It could allow attackers to create arbitrary files on a vulnerable system by tricking a user into visiting a web page that calls the control's SetXml() and Save() methods. Successful exploitation could allow attackers to execute arbitrary code in the context of the logged-in user. Failed exploits result in denial-of-service conditions.

Recommendation

The vendor has released a patch to fix this issue.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 25, 2011
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available