Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-3007
Last Modified: 06 Sep 2011 11:18:05
Published: 10 Aug 2011 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-3007

Summary

The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.

Vulnerable Systems

Application

  • McAfee SaaS Endpoint Protection 5.2.1


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10016

XF - mcafee-saas-mycioscn-code-execution(69093)

OSVDB - 74513

MISC - http://dvlabs.tippingpoint.com/advisory/TPTI-11-13


Last Updated: 27 May 2016 10:57:14