Vulnerabilities > CVE-2011-1036 - Unspecified vulnerability in CA products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

NVD

Published: 2011-02-25

Updated: 2023-11-07

Summary

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.

Vulnerable Configurations

Part	Description	Count
Application	Ca CA Host Based Intrusion Prevention System 8.1 CA Internet Security Suite 2010 * CA Internet Security Suite 2011 *	3

References

http://www.zerodayinitiative.com/advisories/ZDI-11-093
http://www.securitytracker.com/id?1025120
http://secunia.com/advisories/43377
http://secunia.com/advisories/43490
http://www.vupen.com/english/advisories/2011/0496
http://www.securityfocus.com/bid/46539
http://securityreason.com/securityalert/8106
https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
http://www.securityfocus.com/archive/1/516687/100/0/threaded
http://www.securityfocus.com/archive/1/516649/100/0/threaded
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D