CVE-2011-1036 - OpenCVE

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ca	Internet Security Suite 2010 Host-based Intrusion Prevention System Internet Security Suite 2011

Configuration 1 [-]

AND

cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*

OR	cpe:2.3:a:ca:internet_security_suite_2010::::::::
	cpe:2.3:a:ca:internet_security_suite_2011::::::::

References

Link	Resource
http://secunia.com/advisories/43377
http://secunia.com/advisories/43490
http://securityreason.com/securityalert/8106
http://www.securityfocus.com/archive/1/516649/100/0/threaded
http://www.securityfocus.com/archive/1/516687/100/0/threaded
http://www.securityfocus.com/bid/46539
http://www.securitytracker.com/id?1025120
http://www.vupen.com/english/advisories/2011/0496
http://www.zerodayinitiative.com/advisories/ZDI-11-093
https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-25T17:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2011-02-18T00:00:00

Link: CVE-2011-1036

JSON object: View

NVD Information

Status : Modified

Published: 2011-02-25T18:00:02.167

Modified: 2023-11-07T02:06:56.430

Link: CVE-2011-1036

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2011-0496", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0496"}, {"name": "43490", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43490"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"}, {"name": "43377", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43377"}, {"name": "46539", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46539"}, {"name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"}, {"name": "8106", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8106"}, {"name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"}, {"name": "1025120", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025120"}, {"name": "ca-products-activex-file-overwrite(65632)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1036", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2011-0496", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0496"}, {"name": "43490", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43490"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"}, {"name": "43377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43377"}, {"name": "46539", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46539"}, {"name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"}, {"name": "8106", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8106"}, {"name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"}, {"name": "1025120", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025120"}, {"name": "ca-products-activex-file-overwrite(65632)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"}, {"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1036", "datePublished": "2011-02-25T17:00:00", "dateReserved": "2011-02-18T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4924C835-EBFB-4B03-95A0-5FF7242D9A41", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*", "matchCriteriaId": "62567F6E-86F1-4A74-903F-8DADEDD61F23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*", "matchCriteriaId": "70377A35-C09D-450C-9AEC-68421FEE1927", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."}, {"lang": "es", "value": "La clase XML Security Database Parser en el control XMLSecDB ActiveX en el componente HIPSEngine en el Management Server anterior a v8.1.0.88, y el cliente anterior a v1.6.450, en CA Host-Based Intrusion Prevention System (HIPS) v8.1, que se utiliza en CA Internet Security Suite (ISS) de 2010, permite a atacantes remotos descargar un programa arbitrario en un equipo cliente, y ejecutar el mismo a trav\u00e9s de vectores que comprenden los m\u00e9todos SetXml y Save."}], "id": "CVE-2011-1036", "lastModified": "2023-11-07T02:06:56.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-02-25T18:00:02.167", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43377"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43490"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8106"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46539"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1025120"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0496"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"}, {"source": "cve@mitre.org", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}