Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3006

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-3006
Last Modified 06 Sep 2011 11:18:05
Published 10 Aug 2011 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3006

Summary

The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.

Vulnerable Systems

Application

  • Mcafee Saas Endpoint Protection 5.2.1


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10016

XF - mcafee-saas-myasutil520603-code-execution(69094)

OSVDB - 74512

MISC - http://dvlabs.tippingpoint.com/advisory/TPTI-11-12


Last Updated: 27 May 2016 10:57:14