cvelistv5 - CVE-2011-1036

CVE-2011-1036 (GCVE-0-2011-1036)

Vulnerability from cvelistv5

Published

2011-02-25 17:00

Modified

2024-08-06 22:14

Severity ?

CWE

Summary

References

URL

Tags

	cve@mitre.org	http://secunia.com/advisories/43377
	cve@mitre.org	http://secunia.com/advisories/43490
	cve@mitre.org	http://securityreason.com/securityalert/8106
	cve@mitre.org	http://www.securityfocus.com/archive/1/516649/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/516687/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/46539
	cve@mitre.org	http://www.securitytracker.com/id?1025120
	cve@mitre.org	http://www.vupen.com/english/advisories/2011/0496
	cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-11-093
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
	cve@mitre.org	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43377
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43490
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8106
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516649/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516687/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46539
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025120
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0496
	af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-11-093
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
	af854a3a-2127-422b-91ae-364da2661108	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0496",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0496"
          },
          {
            "name": "43490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43490"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
          },
          {
            "name": "43377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43377"
          },
          {
            "name": "46539",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46539"
          },
          {
            "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
          },
          {
            "name": "8106",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8106"
          },
          {
            "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
          },
          {
            "name": "1025120",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025120"
          },
          {
            "name": "ca-products-activex-file-overwrite(65632)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0496",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0496"
        },
        {
          "name": "43490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43490"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
        },
        {
          "name": "43377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43377"
        },
        {
          "name": "46539",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46539"
        },
        {
          "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
        },
        {
          "name": "8106",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8106"
        },
        {
          "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
        },
        {
          "name": "1025120",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025120"
        },
        {
          "name": "ca-products-activex-file-overwrite(65632)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0496",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0496"
            },
            {
              "name": "43490",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43490"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
            },
            {
              "name": "43377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43377"
            },
            {
              "name": "46539",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46539"
            },
            {
              "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
            },
            {
              "name": "8106",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8106"
            },
            {
              "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
            },
            {
              "name": "1025120",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025120"
            },
            {
              "name": "ca-products-activex-file-overwrite(65632)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1036",
    "datePublished": "2011-02-25T17:00:00",
    "dateReserved": "2011-02-18T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1036\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-02-25T18:00:02.167\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.\"},{\"lang\":\"es\",\"value\":\"La clase XML Security Database Parser en el  control XMLSecDB ActiveX en el componente HIPSEngine en el Management Server anterior a  v8.1.0.88, y el cliente anterior a v1.6.450, en CA Host-Based Intrusion Prevention System (HIPS) v8.1, que se utiliza en CA Internet Security Suite (ISS) de 2010, permite a atacantes remotos  descargar un programa arbitrario en un equipo cliente, y ejecutar el mismo a trav\u00e9s de vectores que comprenden los m\u00e9todos SetXml y Save.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:C/A:C\",\"baseScore\":8.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4924C835-EBFB-4B03-95A0-5FF7242D9A41\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567F6E-86F1-4A74-903F-8DADEDD61F23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70377A35-C09D-450C-9AEC-68421FEE1927\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/43377\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43490\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/8106\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/516649/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/516687/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/46539\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1025120\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0496\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-11-093\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65632\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43377\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/516649/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/516687/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-11-093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2011-1036

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-1036

Aliases

CVE-2011-1036

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1036",
    "description": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.",
    "id": "GSD-2011-1036"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1036"
      ],
      "details": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.",
      "id": "GSD-2011-1036",
      "modified": "2023-12-13T01:19:07.827586Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-1036",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2011-0496",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0496"
          },
          {
            "name": "43490",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43490"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
          },
          {
            "name": "43377",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43377"
          },
          {
            "name": "46539",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46539"
          },
          {
            "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
          },
          {
            "name": "8106",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8106"
          },
          {
            "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
          },
          {
            "name": "1025120",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025120"
          },
          {
            "name": "ca-products-activex-file-overwrite(65632)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
          },
          {
            "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}",
            "refsource": "CONFIRM",
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1036"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-093",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
            },
            {
              "name": "1025120",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025120"
            },
            {
              "name": "43377",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43377"
            },
            {
              "name": "43490",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43490"
            },
            {
              "name": "ADV-2011-0496",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0496"
            },
            {
              "name": "46539",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46539"
            },
            {
              "name": "8106",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8106"
            },
            {
              "name": "ca-products-activex-file-overwrite(65632)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"
            },
            {
              "name": "20110225 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
            },
            {
              "name": "20110223 ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-09T19:30Z",
      "publishedDate": "2011-02-25T18:00Z"
    }
  }
}

CERTA-2011-AVI-106

Vulnerability from certfr_avis

Une vulnérabilité dans CA HIPS permet l'exécution de code arbitraire à distance.

Description

Une vulnérabilité a été découverte dans le contrôle ActiveX XMLSecDB utilisé par CA HIPS. L'exploitation de cette vulnérabilité, par le biais d'une page Web ou d'un fichier spécifique, permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour la correction de cette vulnérabilité (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	ESET	Internet Security	CA Internet Security Suite (ISS) 2010.
	N/A	N/A	CA Host-Based Intrusion Prevention System (HIPS) version r8.1 ;

References

Title

Publication Time

var-201102-0367

Vulnerability from variot

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The flaw exists within the XMLSecDB ActiveX control which is installed with HIPSEngine component. SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user. CA Host-Based Intrusion Prevention System(HIPS) is prone to a remote code-execution vulnerability. Failed exploits result in denial-of-service conditions. ----------------------------------------------------------------------

Get a tax break on purchases of Secunia Solutions!

If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/

TITLE: CA Host-Based Intrusion Prevention System "XMLSecDB.DIParser" ActiveX Control Vulnerability

SECUNIA ADVISORY ID: SA43377

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43377

RELEASE DATE: 2011-03-13

DISCUSS ADVISORY: http://secunia.com/advisories/43377/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/43377/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=43377

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been discovered in CA Host-Based Intrusion Prevention System, which can be exploited by malicious people to compromise a user's system. This can be exploited to create an arbitrary file using directory traversal specifiers and supply controlled content via the "SetXml()" method.

The vulnerability is confirmed in UmxXmlSd version 1.5.0.263 and reported in the following products: * HIPS Management Server versions prior to 8.1.0.88.

SOLUTION: Apply RO26950 and set registry values. Please see the vendor's advisory for more details.

Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rgod via ZDI

Additional details provided by Secunia Research.

ORIGINAL ADVISORY: CA (CA20110223-01): https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-093/

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System

Issued: February 23, 2011 Updated: February 24, 2011

CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). CA Technologies has issued patches to address the vulnerability.

The vulnerability, CVE-2011-1036, is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products.

HIPS client sources are vulnerable if the build number is less than 1.6.450.

Older versions of HIPS and ISS, that are no longer supported, may also be vulnerable.

Solution

CA has issued the following patches to address the vulnerability. You do not need to restart the client.

CA Internet Security Suite (ISS) 2010: Fix information will be published soon.

CA Internet Security Suite (ISS) 2011: Fix information will be published soon.

References

CVE-2011-1036 - CA HIPS XMLSecDB ActiveX control insecure methods

Acknowledgement

Andrea Micalizzi aka rgod, via TippingPoint ZDI

Change History

Version 1.0: Initial Release Version 1.5: Added ISS 2011 to list of affected products. Added instructions for determining if ISS is affected.

If additional information is required, please contact CA Technologies Support at https://support.ca.com.

If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Technologies Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Thanks and regards, Ken Williams, Director ca technologies Product Vulnerability Response Team ca technologies Business Unit Operations wilja22@ca.com

-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Charset: utf-8

wj8DBQFNZypeeSWR3+KUGYURAmbuAJ9tD5x666uOpX6ia6ksu4rdnksyggCfSwCn kb1ylRiLIRzRg3j1VygjImQ= =M+5z -----END PGP SIGNATURE----- . More details can be found at:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}

-- Disclosure Timeline: 2010-08-25 - Vulnerability reported to vendor 2011-02-23 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by: * Andrea Micalizzi aka rgod

-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0367",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "host-based intrusion prevention system",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ca",
        "version": "8.1"
      },
      {
        "model": "internet security suite 2011",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "*"
      },
      {
        "model": "internet security suite 2010",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "*"
      },
      {
        "model": "internet security suite 2010",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "model": "internet security suite",
        "scope": null,
        "trust": 0.7,
        "vendor": "ca",
        "version": null
      },
      {
        "model": "associates internet security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2011"
      },
      {
        "model": "associates internet security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2010"
      },
      {
        "model": "associates host-based intrusion prevention system r8.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "db": "BID",
        "id": "46539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1036"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ca:host-based_intrusion_prevention_system",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:internet_security_suite_2010",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Micalizzi aka rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "db": "BID",
        "id": "46539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      }
    ],
    "trust": 1.6
  },
  "cve": "CVE-2011-1036",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-1036",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-1036",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-48981",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-1036",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-1036",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2011-1036",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201102-367",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-48981",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1036"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The flaw exists within the XMLSecDB ActiveX control which is installed with HIPSEngine component. SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim\u0027s system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user. CA Host-Based Intrusion Prevention System(HIPS) is prone to a remote code-execution vulnerability. Failed exploits result in denial-of-service conditions. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nCA Host-Based Intrusion Prevention System \"XMLSecDB.DIParser\" ActiveX\nControl Vulnerability\n\nSECUNIA ADVISORY ID:\nSA43377\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43377/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43377\n\nRELEASE DATE:\n2011-03-13\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43377/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43377/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43377\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in CA Host-Based Intrusion\nPrevention System, which can be exploited by malicious people to\ncompromise a user\u0027s system. This can be exploited to create an arbitrary file\nusing directory traversal specifiers and supply controlled content\nvia the \"SetXml()\" method. \n\nThe vulnerability is confirmed in UmxXmlSd version 1.5.0.263 and\nreported in the following products:\n* HIPS Management Server versions prior to 8.1.0.88. \n\nSOLUTION:\nApply RO26950 and set registry values. Please see the vendor\u0027s\nadvisory for more details. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nAndrea Micalizzi aka rgod via ZDI\n\nAdditional details provided by Secunia Research. \n\nORIGINAL ADVISORY:\nCA (CA20110223-01):\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-093/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCA20110223-01: Security Notice for CA Host-Based Intrusion Prevention \nSystem\n\nIssued: February 23, 2011\nUpdated: February 24, 2011\n\n\nCA Technologies support is alerting customers to a security risk \nassociated with CA Host-Based Intrusion Prevention System (HIPS).  CA Technologies has issued patches to address the \nvulnerability. \n\nThe vulnerability, CVE-2011-1036, is due to insecure method \nimplementation in the XMLSecDB ActiveX control that is utilized in CA \nHIPS components and products. \n\nHIPS client sources are vulnerable if the build number is less than \n1.6.450. \n\nOlder versions of HIPS and ISS, that are no longer supported, may also \nbe vulnerable. \n\n\nSolution\n\nCA has issued the following patches to address the vulnerability. You \ndo not need to restart the client. \n\nCA Internet Security Suite (ISS) 2010:\nFix information will be published soon. \n\nCA Internet Security Suite (ISS) 2011:\nFix information will be published soon. \n\n\nReferences\n\nCVE-2011-1036 - CA HIPS XMLSecDB ActiveX control insecure methods\n\n\nAcknowledgement\n\nAndrea Micalizzi aka rgod, via TippingPoint ZDI\n\n\nChange History\n\nVersion 1.0: Initial Release\nVersion 1.5: Added ISS 2011 to list of affected products. Added \ninstructions for determining if ISS is affected. \n\n\nIf additional information is required, please contact CA Technologies \nSupport at https://support.ca.com. \n\nIf you discover a vulnerability in a CA Technologies product, please \nreport your findings to the CA Technologies Product Vulnerability \nResponse Team. \nsupport.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nThanks and regards,\nKen Williams, Director\nca technologies Product Vulnerability Response Team\nca technologies Business Unit Operations\nwilja22@ca.com\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.9.1 (Build 287)\nCharset: utf-8\n\nwj8DBQFNZypeeSWR3+KUGYURAmbuAJ9tD5x666uOpX6ia6ksu4rdnksyggCfSwCn\nkb1ylRiLIRzRg3j1VygjImQ=\n=M+5z\n-----END PGP SIGNATURE-----\n. More\ndetails can be found at:\n\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}\n\n-- Disclosure Timeline:\n2010-08-25 - Vulnerability reported to vendor\n2011-02-23 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n    * Andrea Micalizzi aka rgod\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n    http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n    http://twitter.com/thezdi\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-1036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "db": "BID",
        "id": "46539"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48981"
      },
      {
        "db": "PACKETSTORM",
        "id": "99241"
      },
      {
        "db": "PACKETSTORM",
        "id": "98719"
      },
      {
        "db": "PACKETSTORM",
        "id": "99243"
      },
      {
        "db": "PACKETSTORM",
        "id": "98694"
      }
    ],
    "trust": 2.97
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-48981",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48981"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-1036",
        "trust": 3.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-11-093",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "46539",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "43377",
        "trust": 1.3
      },
      {
        "db": "SECUNIA",
        "id": "43490",
        "trust": 1.3
      },
      {
        "db": "SECTRACK",
        "id": "1025120",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0496",
        "trust": 1.1
      },
      {
        "db": "SREASON",
        "id": "8106",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-882",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20110223 ZDI-11-093: CA INTERNET SECURITY SUITE HIPS XML SECURITY DATABASE PARSER CLASS REMOTE CODE EXECUTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "16511",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "98694",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "98719",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-48981",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "99241",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "99243",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48981"
      },
      {
        "db": "BID",
        "id": "46539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "db": "PACKETSTORM",
        "id": "99241"
      },
      {
        "db": "PACKETSTORM",
        "id": "98719"
      },
      {
        "db": "PACKETSTORM",
        "id": "99243"
      },
      {
        "db": "PACKETSTORM",
        "id": "98694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1036"
      }
    ]
  },
  "id": "VAR-201102-0367",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48981"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:09:01.442000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CA20110208-01: Security Advisory for CA Secure Content Manager, Gateway Security",
        "trust": 0.8,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
      },
      {
        "title": "CA has issued an update to correct this vulnerability.{53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}",
        "trust": 0.7,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID="
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1036"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-11-093"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/46539"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=%7b53a608df-bfdb-4ab3-a98f-e4bb6bc7a2f4%7d"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1025120"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43377"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43490"
      },
      {
        "trust": 1.1,
        "url": "http://securityreason.com/securityalert/8106"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0496"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1036"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1036"
      },
      {
        "trust": 0.7,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid="
      },
      {
        "trust": 0.6,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid={53a608df-bfdb-4ab3-a98f-e4bb6bc7a2f4}"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/516649/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/16511"
      },
      {
        "trust": 0.5,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-11-093/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ca.com"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/products/corporate/vim/section_179/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1036"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43377/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43377/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43377"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43490/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43490"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43490/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://twitter.com/thezdi"
      },
      {
        "trust": 0.1,
        "url": "http://www.tippingpoint.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48981"
      },
      {
        "db": "BID",
        "id": "46539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "db": "PACKETSTORM",
        "id": "99241"
      },
      {
        "db": "PACKETSTORM",
        "id": "98719"
      },
      {
        "db": "PACKETSTORM",
        "id": "99243"
      },
      {
        "db": "PACKETSTORM",
        "id": "98694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1036"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48981"
      },
      {
        "db": "BID",
        "id": "46539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "db": "PACKETSTORM",
        "id": "99241"
      },
      {
        "db": "PACKETSTORM",
        "id": "98719"
      },
      {
        "db": "PACKETSTORM",
        "id": "99243"
      },
      {
        "db": "PACKETSTORM",
        "id": "98694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1036"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-02-23T00:00:00",
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "date": "2011-02-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48981"
      },
      {
        "date": "2011-02-23T00:00:00",
        "db": "BID",
        "id": "46539"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "date": "2011-03-14T11:36:59",
        "db": "PACKETSTORM",
        "id": "99241"
      },
      {
        "date": "2011-02-25T04:53:57",
        "db": "PACKETSTORM",
        "id": "98719"
      },
      {
        "date": "2011-03-14T11:37:04",
        "db": "PACKETSTORM",
        "id": "99243"
      },
      {
        "date": "2011-02-24T01:23:59",
        "db": "PACKETSTORM",
        "id": "98694"
      },
      {
        "date": "2011-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      },
      {
        "date": "2011-02-25T18:00:02.167000",
        "db": "NVD",
        "id": "CVE-2011-1036"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-02-23T00:00:00",
        "db": "ZDI",
        "id": "ZDI-11-093"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48981"
      },
      {
        "date": "2011-02-25T14:28:00",
        "db": "BID",
        "id": "46539"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      },
      {
        "date": "2011-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      },
      {
        "date": "2024-11-21T01:25:22.973000",
        "db": "NVD",
        "id": "CVE-2011-1036"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "98719"
      },
      {
        "db": "PACKETSTORM",
        "id": "98694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CA ISS Used in  CA HIPS of  XML Security Database Parser class Vulnerabilities in arbitrary programs being downloaded to client machines",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-004302"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-367"
      }
    ],
    "trust": 0.6
  }
}

ghsa-gr37-qg3m-8xqp

Vulnerability from github

Published

2022-05-14 02:56

Modified

2025-04-11 03:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1036"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-02-25T18:00:00Z",
    "severity": "HIGH"
  },
  "details": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.",
  "id": "GHSA-gr37-qg3m-8xqp",
  "modified": "2025-04-11T03:44:30Z",
  "published": "2022-05-14T02:56:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1036"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
    },
    {
      "type": "WEB",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
    },
    {
      "type": "WEB",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43377"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43490"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8106"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46539"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025120"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0496"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2011-1036

Vulnerability from fkie_nvd

Published

2011-02-25 18:00

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://secunia.com/advisories/43377
	cve@mitre.org	http://secunia.com/advisories/43490
	cve@mitre.org	http://securityreason.com/securityalert/8106
	cve@mitre.org	http://www.securityfocus.com/archive/1/516649/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/516687/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/46539
	cve@mitre.org	http://www.securitytracker.com/id?1025120
	cve@mitre.org	http://www.vupen.com/english/advisories/2011/0496
	cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-11-093
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
	cve@mitre.org	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43377
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43490
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8106
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516649/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516687/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46539
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025120
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0496
	af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-11-093
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
	af854a3a-2127-422b-91ae-364da2661108	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D

Impacted products

Vendor	Product	Version
ca	host-based_intrusion_prevention_system	8.1
ca	internet_security_suite_2010	*
ca	internet_security_suite_2011	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4924C835-EBFB-4B03-95A0-5FF7242D9A41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62567F6E-86F1-4A74-903F-8DADEDD61F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70377A35-C09D-450C-9AEC-68421FEE1927",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods."
    },
    {
      "lang": "es",
      "value": "La clase XML Security Database Parser en el  control XMLSecDB ActiveX en el componente HIPSEngine en el Management Server anterior a  v8.1.0.88, y el cliente anterior a v1.6.450, en CA Host-Based Intrusion Prevention System (HIPS) v8.1, que se utiliza en CA Internet Security Suite (ISS) de 2010, permite a atacantes remotos  descargar un programa arbitrario en un equipo cliente, y ejecutar el mismo a trav\u00e9s de vectores que comprenden los m\u00e9todos SetXml y Save."
    }
  ],
  "id": "CVE-2011-1036",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-25T18:00:02.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43377"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43490"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8106"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46539"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025120"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0496"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516649/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516687/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-1036 (GCVE-0-2011-1036)

Vulnerability from cvelistv5

gsd-2011-1036

Vulnerability from gsd

CERTA-2011-AVI-106

Vulnerability from certfr_avis

Description

Solution

var-201102-0367

Vulnerability from variot

ghsa-gr37-qg3m-8xqp

Vulnerability from github

fkie_cve-2011-1036

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature