The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server prior to 8.1.0.88, and the client prior to 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote malicious users to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ca host-based_intrusion_prevention_system 8.1 |
||
ca internet_security_suite_2010 |
||
ca internet_security_suite_2011 |