CVE-2011-1036 : The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Ser

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.

Published 2011-02-25 18:00:02

Updated 2018-10-09 19:30:14

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2011-1036

Probability of exploitation activity in the next 30 days: 90.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-1036

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.8	HIGH	AV:N/AC:M/Au:N/C:N/I:C/A:C	8.6	9.2	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Complete Availability Impact: Complete

References for CVE-2011-1036

http://www.securityfocus.com/bid/46539

CA Host-Based Intrusion Prevention System 'XMLSecDB' ActiveX Control Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-093

ZDI-11-093 | Zero Day Initiative
http://www.securityfocus.com/archive/1/516687/100/0/threaded

SecurityFocus
http://securityreason.com/securityalert/8106

CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability - CXSecurity.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/65632

Multiple CA products ActiveX control file overwrite CVE-2011-1036 Vulnerability Report
http://www.securitytracker.com/id?1025120

CA Internet Security Suite File Creation Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://www.vupen.com/english/advisories/2011/0496

Webmail | OVH- OVH
http://www.securityfocus.com/archive/1/516649/100/0/threaded

SecurityFocus

Products affected by CVE-2011-1036

CA » Host-based Intrusion Prevention System » Version: 8.1
cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*
Matching versions
CA » Internet Security Suite 2010
cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*
Matching versions
CA » Internet Security Suite 2011
cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-1036

Exploit prediction scoring system (EPSS) score for CVE-2011-1036

CVSS scores for CVE-2011-1036

References for CVE-2011-1036

Products affected by CVE-2011-1036