
CA Host-Based Intrusion Prevention System XMLSecDB ActiveX Control Code Execution Vulnerability CVE-2011-1036

CVSSv3 Score: Not available
Vulnerability description

CA Host-Based Intrusion Prevention System (HIPS) is prone to a remote code-execution vulnerability.

Risk description

The flaw is caused by a design error in the XMLSecDB ActiveX control installed with the HIPSEngine component. It could allow attackers to create arbitrary files on a vulnerable system by tricking a user into visiting a web page that calls the control's SetXml() and Save() methods. Successful exploitation could allow attackers to execute arbitrary code in the context of the logged-in user. Failed exploits result in denial-of-service conditions.


The vendor has released a patch to fix this issue.

Detectable with: Network Scanner
Scan engine
Exploitable with Sniper
CVE Published: Feb 25, 2011
Detection added at
Software Type
Not available
Not available
Not available