The host is installed with CA Internet Security Suite (ISS) or CA Host-Based Intrusion Prevention System (HIPS) and is prone to remote code execution vulnerability. A flaw is present in XMLSecDB ActiveX control in CA HIPS components and products which fails to implement the method securely. Successful exploitation allows remote attacker to potentially execute arbitrary code if the attacker can trick a user into visiting a malicious web page or opening a malicious file.