Lucene search

MitreCVE-2011-3006

HistoryAug 10, 2011 - 8:55 p.m.

CVE-2011-3006

2011-08-1020:55:01

CWE-264

mitre

web.nvd.nist.gov

cve-2011-3006

myasutil

activex control

mcafee saas endpoint protection

xss

remote code execution

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.011

Percentile

84.3%

JSON

The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.

Affected configurations

Nvd

Node

mcafeesaas_endpoint_protectionRange≤5.2.1

VendorProductVersionCPE
mcafeesaas_endpoint_protection*cpe:2.3:a:mcafee:saas_endpoint_protection:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mcafee	saas_endpoint_protection	*	cpe:2.3:a:mcafee:saas_endpoint_protection::::::::

References

dvlabs.tippingpoint.com/advisory/TPTI-11-12

osvdb.org/74512

exchange.xforce.ibmcloud.com/vulnerabilities/69094

kc.mcafee.com/corporate/index?page=content&id=SB10016

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.011

Percentile

84.3%

JSON

Related for CVE-2011-3006