McAfee Security-as-a-Service (SaaS) < 5.2.2 ActiveX Controls Arbitrary Code Execution (SB10016)

High Nessus Plugin ID 57728


The remote Windows host has ActiveX controls installed that could be abused to execute arbitrary code remotely.


Multiple ActiveX controls, installed on the remote Windows host as part of McAfee Security-as-a-Service (SaaS) / Total Protection Service, are potentially affected by the following issues :

- A flaw in the MyAsUtil.dll ActiveX control can be exploited to execute arbitrary commands.

- A flaw in the myCIOScn.dll ActiveX control can be exploited to write arbitrary data to a file on the affected computer.


Upgrade to McAfee SaaS Endpoint Protection 5.2.2 or later.

See Also

Plugin Details

Severity: High

ID: 57728

File Name: mcafee_saas_522_multiple_vulns.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2012/01/30

Modified: 2016/12/19

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mcafee:saas_endpoint_protection

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/08/04

Vulnerability Publication Date: 2011/08/08

Reference Information

CVE: CVE-2011-3006, CVE-2011-3007

BID: 49088

OSVDB: 74512, 74513