CVE Reference: CVE-2011-3006

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2011-3006

Description:
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/69094

OSVDB
  74512

MISC
  http://dvlabs.tippingpoint.com/advisory/TPTI-11-12

CONFIRM


Return to the previous page.