Summary
This host is installed with McAfee SaaS Endpoint Protection and is prone to multiple code execution vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of the application running the ActiveX control.
Impact Level: System/Application
Solution
Upgrade to McAfee SaaS Endpoint Protection version 5.2.2 or later, For updates refer to http://www.mcafeeasap.com/
Insight
- An error within the MyASUtil ActiveX control (MyAsUtil5.2.0.603.dll) when processing the 'CreateSecureObject()' method can be exploited to inject and execute arbitrary commands.
- The insecure 'Start()' method within the MyCioScan ActiveX control (myCIOScn.dll) can be exploited to write to arbitrary files in the context of the currently logged-on user.
Affected
McAfee SaaS Endpoint Protection version 5.2.1 and prior.
References
Severity
Classification
-
CVE CVE-2011-3006, CVE-2011-3007 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities