CVE-2011-3006

EUVD-2011-2974
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
mcafeesaas_endpoint_protection
𝑥
≤ 5.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
http://osvdb.org/74512
https://exchange.xforce.ibmcloud.com/vulnerabilities/69094
https://kc.mcafee.com/corporate/index?page=content&id=SB10016
http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
http://osvdb.org/74512
https://exchange.xforce.ibmcloud.com/vulnerabilities/69094
https://kc.mcafee.com/corporate/index?page=content&id=SB10016