CVE-2011-1036 - OpenCVE

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ca	Host-based Intrusion Prevention System Internet Security Suite 2010 Internet Security Suite 2011

Configuration 1 [-]

AND

cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*

OR	cpe:2.3:a:ca:internet_security_suite_2010::::::::
	cpe:2.3:a:ca:internet_security_suite_2011::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/43377
http://secunia.com/advisories/43490
http://securityreason.com/securityalert/8106
http://www.securityfocus.com/archive/1/516649/100/0/threaded
http://www.securityfocus.com/archive/1/516687/100/0/threaded
http://www.securityfocus.com/bid/46539
http://www.securitytracker.com/id?1025120
http://www.vupen.com/english/advisories/2011/0496
http://www.zerodayinitiative.com/advisories/ZDI-11-093
https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-25T17:00:00

Updated: 2024-08-06T22:14:27.259Z

Reserved: 2011-02-18T00:00:00

Link: CVE-2011-1036

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-02-25T18:00:02.167

Modified: 2023-11-07T02:06:56.430

Link: CVE-2011-1036

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2011-0496", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0496"}, {"name": "43490", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43490"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"}, {"name": "43377", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43377"}, {"name": "46539", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46539"}, {"name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"}, {"name": "8106", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8106"}, {"name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"}, {"name": "1025120", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025120"}, {"name": "ca-products-activex-file-overwrite(65632)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1036", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2011-0496", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0496"}, {"name": "43490", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43490"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"}, {"name": "43377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43377"}, {"name": "46539", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46539"}, {"name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"}, {"name": "8106", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8106"}, {"name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"}, {"name": "1025120", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025120"}, {"name": "ca-products-activex-file-overwrite(65632)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"}, {"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:27.259Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2011-0496", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0496"}, {"name": "43490", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43490"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"}, {"name": "43377", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43377"}, {"name": "46539", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46539"}, {"name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"}, {"name": "8106", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8106"}, {"name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"}, {"name": "1025120", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025120"}, {"name": "ca-products-activex-file-overwrite(65632)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1036", "datePublished": "2011-02-25T17:00:00", "dateReserved": "2011-02-18T00:00:00", "dateUpdated": "2024-08-06T22:14:27.259Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4924C835-EBFB-4B03-95A0-5FF7242D9A41", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*", "matchCriteriaId": "62567F6E-86F1-4A74-903F-8DADEDD61F23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*", "matchCriteriaId": "70377A35-C09D-450C-9AEC-68421FEE1927", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."}, {"lang": "es", "value": "La clase XML Security Database Parser en el control XMLSecDB ActiveX en el componente HIPSEngine en el Management Server anterior a v8.1.0.88, y el cliente anterior a v1.6.450, en CA Host-Based Intrusion Prevention System (HIPS) v8.1, que se utiliza en CA Internet Security Suite (ISS) de 2010, permite a atacantes remotos descargar un programa arbitrario en un equipo cliente, y ejecutar el mismo a trav\u00e9s de vectores que comprenden los m\u00e9todos SetXml y Save."}], "id": "CVE-2011-1036", "lastModified": "2023-11-07T02:06:56.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-02-25T18:00:02.167", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43377"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43490"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8106"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46539"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1025120"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0496"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"}, {"source": "cve@mitre.org", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}