CVE-2011-3007
Summary
| CVE | CVE-2011-3007 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-08-10 20:55:00 UTC |
| Updated | 2017-08-29 01:29:00 UTC |
| Description | The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Saas Endpoint Protection | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| TippingPoint | DVLabs | | MISC | dvlabs.tippingpoint.com | |
| McAfee KnowledgeBase - McAfee Security Bulletin - McAfee SaaS Endpoint Protection update fixes multiple ActiveX issues | CONFIRM | kc.mcafee.com | Vendor Advisory |
| 74513 | OSVDB | osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.