ActiveX Control Vulnerability in McAfee SaaS Endpoint Protection
CVE-2011-3006

Currently unrated

Key Information:

Vendor: Mcafee
Status: Saas Endpoint Protection
Vendor: CVE Published:; 10 August 2011

Summary

The MyAsUtil ActiveX control in the McAfee SaaS Endpoint Protection software contains a vulnerability that allows remote attackers to bypass execution policies and execute arbitrary code through Cross-Site Scripting (XSS) attacks. This attack exploits the MyASUtil.SecureObjectFactory.CreateSecureObject method and can lead to significant security breaches by allowing unauthorized actions within the client's environment. Users of McAfee SaaS Endpoint Protection versions 5.2.1 and earlier are particularly at risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/69094

vdb-entryx_refsource_XF

http://dvlabs.tippingpoint.com/advisory/TPTI-11-12

x_refsource_MISC

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 10, 2011
Vulnerability Reserved
Aug 2, 2011