CVE-2011-1036 (GCVE-0-2011-1036)

Vulnerability from cvelistv5 – Published: 2011-02-25 17:00 – Updated: 2024-08-06 22:14
VLAI
Summary
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.vupen.com/english/advisories/2011/0496 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/43490 third-party-advisoryx_refsource_SECUNIA
http://www.zerodayinitiative.com/advisories/ZDI-11-093 x_refsource_MISC
http://secunia.com/advisories/43377 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/46539 vdb-entryx_refsource_BID
http://www.securityfocus.com/archive/1/516649/100… mailing-listx_refsource_BUGTRAQ
http://securityreason.com/securityalert/8106 third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/516687/100… mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id?1025120 vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
https://support.ca.com/irj/portal/anonymous/phpsu… x_refsource_CONFIRM
Date Public
2011-02-23 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0496",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0496"
          },
          {
            "name": "43490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43490"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
          },
          {
            "name": "43377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43377"
          },
          {
            "name": "46539",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46539"
          },
          {
            "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
          },
          {
            "name": "8106",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8106"
          },
          {
            "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
          },
          {
            "name": "1025120",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025120"
          },
          {
            "name": "ca-products-activex-file-overwrite(65632)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0496",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0496"
        },
        {
          "name": "43490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43490"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
        },
        {
          "name": "43377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43377"
        },
        {
          "name": "46539",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46539"
        },
        {
          "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
        },
        {
          "name": "8106",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8106"
        },
        {
          "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
        },
        {
          "name": "1025120",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025120"
        },
        {
          "name": "ca-products-activex-file-overwrite(65632)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0496",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0496"
            },
            {
              "name": "43490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43490"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
            },
            {
              "name": "43377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43377"
            },
            {
              "name": "46539",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46539"
            },
            {
              "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
            },
            {
              "name": "8106",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8106"
            },
            {
              "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
            },
            {
              "name": "1025120",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025120"
            },
            {
              "name": "ca-products-activex-file-overwrite(65632)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1036",
    "datePublished": "2011-02-25T17:00:00.000Z",
    "dateReserved": "2011-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:14:27.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2011-1036",
      "date": "2026-06-30",
      "epss": "0.02547",
      "percentile": "0.83046"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1036\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-02-25T18:00:02.167\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.\"},{\"lang\":\"es\",\"value\":\"La clase XML Security Database Parser en el  control XMLSecDB ActiveX en el componente HIPSEngine en el Management Server anterior a  v8.1.0.88, y el cliente anterior a v1.6.450, en CA Host-Based Intrusion Prevention System (HIPS) v8.1, que se utiliza en CA Internet Security Suite (ISS) de 2010, permite a atacantes remotos  descargar un programa arbitrario en un equipo cliente, y ejecutar el mismo a trav\u00e9s de vectores que comprenden los m\u00e9todos SetXml y Save.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:C/A:C\",\"baseScore\":8.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4924C835-EBFB-4B03-95A0-5FF7242D9A41\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567F6E-86F1-4A74-903F-8DADEDD61F23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70377A35-C09D-450C-9AEC-68421FEE1927\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/43377\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43490\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/8106\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/516649/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/516687/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/46539\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1025120\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0496\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-11-093\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65632\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43377\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/516649/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/516687/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-11-093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…