HTTP: CA Internet Security Suite XMLSecDB ActiveX Vulnerability
This signature detects attempts to exploit a known insecure file creation vulnerability in CA Internet Security Suite. It is due to an error when the XMLSecDB ActiveX control, which is installed with the HIPSEngine component, handles SetXml and Save methods. A remote unauthenticated attacker can exploit this by enticing a target user to open a maliciously crafted HTML page. A successful attack can allow attackers to execute arbitrary code within the context of the current user.
Extended Description
CA Host-Based Intrusion Prevention System(HIPS) is prone to a remote code-execution vulnerability. An attacker can exploit this vulnerability to execute arbitrary code in the context of the logged-in user. Failed exploits result in denial-of-service conditions. Internet Security Suite 2008 is vulnerable; other versions may also be affected.
Affected Products
Computer_associates internet_security_suite
Short Name
HTTP:STC:ACTIVEX:CA-XMLSECDB
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CA CVE-2011-1036 Internet Security Suite Vulnerability XMLSecDB bid:46539
Release Date
03/07/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Computer_associates
CVSS Score
8.8