Detections
Analytics

CVE-2011-1036

critical

Description

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.

References

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D

https://exchange.xforce.ibmcloud.com/vulnerabilities/65632

http://www.zerodayinitiative.com/advisories/ZDI-11-093

http://www.vupen.com/english/advisories/2011/0496

http://www.securitytracker.com/id?1025120

http://www.securityfocus.com/bid/46539

http://www.securityfocus.com/archive/1/516687/100/0/threaded

http://www.securityfocus.com/archive/1/516649/100/0/threaded

http://securityreason.com/securityalert/8106

http://secunia.com/advisories/43490

http://secunia.com/advisories/43377

Details

Source: Mitre, NVD

Published: 2011-02-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05056