Vulnerability Description
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Saas Endpoint Protection | <= 5.2.1 |
Related Weaknesses (CWE)
References
- http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
- http://osvdb.org/74512
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69094
- https://kc.mcafee.com/corporate/index?page=content&id=SB10016Vendor Advisory
- http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
- http://osvdb.org/74512
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69094
- https://kc.mcafee.com/corporate/index?page=content&id=SB10016Vendor Advisory
FAQ
What is CVE-2011-3006?
CVE-2011-3006 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain ...
How severe is CVE-2011-3006?
CVE-2011-3006 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3006?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Saas Endpoint Protection.