PT-2011-2827 · Ca · Ca Host-Based Intrusion Prevention System+1

Published

2011-02-23

Updated

2018-10-09

CVE-2011-1036

CVSS v2.0

8.8

High

Vector

AV:N/AC:M/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions CA Host-Based Intrusion Prevention System (HIPS) versions prior to 8.1.0.88 CA Internet Security Suite (ISS) 2010 versions prior to 1.6.450

Description The issue allows remote attackers to download and execute an arbitrary program onto a client machine. This is achieved through vectors involving the SetXml and Save methods of the XML Security Database Parser class in the HIPSEngine component.

Recommendations For CA Host-Based Intrusion Prevention System (HIPS) versions prior to 8.1.0.88, update to version 8.1.0.88 or later. For CA Internet Security Suite (ISS) 2010 versions prior to 1.6.450, update to version 1.6.450 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-1036

ZDI-11-093

Affected Products

Ca Host-Based Intrusion Prevention System

Ca Internet Security Suite

PT-2011-2827 · Ca · Ca Host-Based Intrusion Prevention System+1

CVE-2011-1036

Related Identifiers

Affected Products

References · 13