This host is installed with CA Host-Based Intrusion Prevention System(HIPS) and is prone to a remote code-execution vulnerability.

Successful exploitation could allow attackers to execute arbitrary code in the context of the logged-in user. Failed exploits result in denial-of-service conditions. Impact Level: Application

Vendor has released a patch to fix this issue, refer below link for patch information. https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=RO26950&actionID=4 ***** NOTE : Ignore this warning, if above mentioned patch is already applied. ***** CA Internet Security Suite (ISS): For updates refer to https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}

The flaw is caused by a design error in the XMLSecDB ActiveX control installed with the HIPSEngine component, which could allow attackers to create arbitrary files on a vulnerable system by tricking a user into visiting a web page which calls the 'SetXml()' and 'Save()' methods.

CA Internet Security Suite (ISS) 2010 CA Internet Security Suite (ISS) 2011 CA Host-Based Intrusion Prevention System (HIPS) r8.1

• http://secunia.com/advisories/43377/
• http://www.zerodayinitiative.com/advisories/ZDI-11-093
• http://xforce.iss.net/xforce/xfdb/65632

---

Updated on 2017-03-28