Vulnerability Description
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ca | Host-Based Intrusion Prevention System | 8.1 |
| Ca | Internet Security Suite 2010 | All versions |
| Ca | Internet Security Suite 2011 | All versions |
References
- http://secunia.com/advisories/43377
- http://secunia.com/advisories/43490
- http://securityreason.com/securityalert/8106
- http://www.securityfocus.com/archive/1/516649/100/0/threaded
- http://www.securityfocus.com/archive/1/516687/100/0/threaded
- http://www.securityfocus.com/bid/46539
- http://www.securitytracker.com/id?1025120
- http://www.vupen.com/english/advisories/2011/0496
- http://www.zerodayinitiative.com/advisories/ZDI-11-093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-
- http://secunia.com/advisories/43377
- http://secunia.com/advisories/43490
- http://securityreason.com/securityalert/8106
- http://www.securityfocus.com/archive/1/516649/100/0/threaded
FAQ
What is CVE-2011-1036?
CVE-2011-1036 is a vulnerability with a CVSS score of 8.8 (HIGH). The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion P...
How severe is CVE-2011-1036?
CVE-2011-1036 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1036?
Check the references section above for vendor advisories and patch information. Affected products include: Ca Host-Based Intrusion Prevention System, Ca Internet Security Suite 2010, Ca Internet Security Suite 2011.