Remote code execution vulnerability in XMLSecDB ActiveX control in CA Internet Security Suite (ISS) 2010,2011 and CA Host-Based Intrusion Prevention System (HIPS) 8.1ID: oval:org.secpod.oval:def:543 | Date: (C)2011-03-24 (M)2023-11-09 |
Class: VULNERABILITY | Family: windows |
The host is installed with CA Internet Security Suite (ISS) or CA Host-Based Intrusion Prevention System (HIPS) and is prone to remote code execution vulnerability. A flaw is present in XMLSecDB ActiveX control in CA HIPS components and products which fails to implement the method securely. Successful exploitation allows remote attacker to potentially execute arbitrary code if the attacker can trick a user into visiting a malicious web page or opening a malicious file.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
CA Host-Based Intrusion Prevention System |
CA Internet Security Suite |