Remote Code Execution and Cross-Site Scripting Vulnerability in McAfee SaaS Endpoint Protection

Remote Code Execution and Cross-Site Scripting Vulnerability in McAfee SaaS Endpoint Protection

CVE-2011-3006 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.

Learn more about our User Device Pen Test.