Vulnerability Description
The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| McAfee | SaaS Endpoint Protection | <= 5.2.1 |
Related Weaknesses (CWE)
References
- http://dvlabs.tippingpoint.com/advisory/TPTI-11-13
- http://osvdb.org/74513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69093
- https://kc.mcafee.com/corporate/index?page=content&id=SB10016 (Vendor Advisory)
FAQ
What is CVE-2011-3007?
CVE-2011-3007 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioSca...
How severe is CVE-2011-3007?
CVE-2011-3007 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-3007?
Check the references section above for vendor advisories and patch information. Affected products include: McAfee SaaS Endpoint Protection.