Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for internet_security_suite_2010 by ca

    CVE-2010-5156 (GCVE-0-2010-5156)

    Vulnerability from nvd – Published: 2012-08-25 21:00 – Updated: 2024-09-17 03:14 Disputed
    VLAI
    Summary
    Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:09:39.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
              },
              {
                "name": "39924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/39924"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
              },
              {
                "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
              },
              {
                "name": "67660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/67660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.f-secure.com/weblog/archives/00001949.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-25T21:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
            },
            {
              "name": "39924",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/39924"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
            },
            {
              "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
            },
            {
              "name": "67660",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/67660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.f-secure.com/weblog/archives/00001949.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-5156",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
                },
                {
                  "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
                  "refsource": "MISC",
                  "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
                },
                {
                  "name": "39924",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/39924"
                },
                {
                  "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
                  "refsource": "MISC",
                  "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
                },
                {
                  "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
                },
                {
                  "name": "67660",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/67660"
                },
                {
                  "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
                  "refsource": "MISC",
                  "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
                },
                {
                  "name": "http://www.f-secure.com/weblog/archives/00001949.html",
                  "refsource": "MISC",
                  "url": "http://www.f-secure.com/weblog/archives/00001949.html"
                },
                {
                  "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
                  "refsource": "MISC",
                  "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-5156",
        "datePublished": "2012-08-25T21:00:00.000Z",
        "dateReserved": "2012-08-25T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:14:30.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1036 (GCVE-0-2011-1036)

    Vulnerability from nvd – Published: 2011-02-25 17:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2011/0496 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/43490 third-party-advisoryx_refsource_SECUNIA
    http://www.zerodayinitiative.com/advisories/ZDI-11-093 x_refsource_MISC
    http://secunia.com/advisories/43377 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/46539 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/516649/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/8106 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/516687/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1025120 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://support.ca.com/irj/portal/anonymous/phpsu… x_refsource_CONFIRM
    Date Public
    2011-02-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:27.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2011-0496",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0496"
              },
              {
                "name": "43490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
              },
              {
                "name": "43377",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43377"
              },
              {
                "name": "46539",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46539"
              },
              {
                "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
              },
              {
                "name": "8106",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8106"
              },
              {
                "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
              },
              {
                "name": "1025120",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1025120"
              },
              {
                "name": "ca-products-activex-file-overwrite(65632)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2011-0496",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0496"
            },
            {
              "name": "43490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
            },
            {
              "name": "43377",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43377"
            },
            {
              "name": "46539",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46539"
            },
            {
              "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
            },
            {
              "name": "8106",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8106"
            },
            {
              "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
            },
            {
              "name": "1025120",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1025120"
            },
            {
              "name": "ca-products-activex-file-overwrite(65632)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2011-0496",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0496"
                },
                {
                  "name": "43490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43490"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
                },
                {
                  "name": "43377",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43377"
                },
                {
                  "name": "46539",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46539"
                },
                {
                  "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
                },
                {
                  "name": "8106",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8106"
                },
                {
                  "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
                },
                {
                  "name": "1025120",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1025120"
                },
                {
                  "name": "ca-products-activex-file-overwrite(65632)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
                },
                {
                  "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1036",
        "datePublished": "2011-02-25T17:00:00.000Z",
        "dateReserved": "2011-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:27.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-5156 (GCVE-0-2010-5156)

    Vulnerability from cvelistv5 – Published: 2012-08-25 21:00 – Updated: 2024-09-17 03:14 Disputed
    VLAI
    Summary
    Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:09:39.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
              },
              {
                "name": "39924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/39924"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
              },
              {
                "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
              },
              {
                "name": "67660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/67660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.f-secure.com/weblog/archives/00001949.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-25T21:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
            },
            {
              "name": "39924",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/39924"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
            },
            {
              "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
            },
            {
              "name": "67660",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/67660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.f-secure.com/weblog/archives/00001949.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-5156",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
                },
                {
                  "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
                  "refsource": "MISC",
                  "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
                },
                {
                  "name": "39924",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/39924"
                },
                {
                  "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
                  "refsource": "MISC",
                  "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
                },
                {
                  "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
                },
                {
                  "name": "67660",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/67660"
                },
                {
                  "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
                  "refsource": "MISC",
                  "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
                },
                {
                  "name": "http://www.f-secure.com/weblog/archives/00001949.html",
                  "refsource": "MISC",
                  "url": "http://www.f-secure.com/weblog/archives/00001949.html"
                },
                {
                  "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
                  "refsource": "MISC",
                  "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-5156",
        "datePublished": "2012-08-25T21:00:00.000Z",
        "dateReserved": "2012-08-25T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:14:30.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1036 (GCVE-0-2011-1036)

    Vulnerability from cvelistv5 – Published: 2011-02-25 17:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2011/0496 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/43490 third-party-advisoryx_refsource_SECUNIA
    http://www.zerodayinitiative.com/advisories/ZDI-11-093 x_refsource_MISC
    http://secunia.com/advisories/43377 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/46539 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/516649/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/8106 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/516687/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1025120 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://support.ca.com/irj/portal/anonymous/phpsu… x_refsource_CONFIRM
    Date Public
    2011-02-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:27.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2011-0496",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0496"
              },
              {
                "name": "43490",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
              },
              {
                "name": "43377",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43377"
              },
              {
                "name": "46539",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46539"
              },
              {
                "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
              },
              {
                "name": "8106",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/8106"
              },
              {
                "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
              },
              {
                "name": "1025120",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1025120"
              },
              {
                "name": "ca-products-activex-file-overwrite(65632)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2011-0496",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0496"
            },
            {
              "name": "43490",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
            },
            {
              "name": "43377",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43377"
            },
            {
              "name": "46539",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46539"
            },
            {
              "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
            },
            {
              "name": "8106",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/8106"
            },
            {
              "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
            },
            {
              "name": "1025120",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1025120"
            },
            {
              "name": "ca-products-activex-file-overwrite(65632)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2011-0496",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0496"
                },
                {
                  "name": "43490",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43490"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
                },
                {
                  "name": "43377",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43377"
                },
                {
                  "name": "46539",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46539"
                },
                {
                  "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
                },
                {
                  "name": "8106",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/8106"
                },
                {
                  "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
                },
                {
                  "name": "1025120",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1025120"
                },
                {
                  "name": "ca-products-activex-file-overwrite(65632)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
                },
                {
                  "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}",
                  "refsource": "CONFIRM",
                  "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1036",
        "datePublished": "2011-02-25T17:00:00.000Z",
        "dateReserved": "2011-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:27.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }