CVE-2011-3006

Name of the Vulnerable Software and Affected Versions McAfee SaaS Endpoint Protection versions 5.2.1 and earlier

Description The issue allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.

Recommendations For McAfee SaaS Endpoint Protection versions 5.2.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.