McAfee SaaS Endpoint Protection MyAsUtil5.2.0.603.dll ActiveX control code execution (McafeeSaasMyasutil520603CodeExecution)

Vuln ID: 69094
Risk Level: High risk vulnerability  High McafeeSaasMyasutil520603CodeExecution
Platforms: McAfee SaaS Endpoint Protection: 5.2.1
Description:

The McAfee SaaS Endpoint Protection MyAsUtil5.2.0.603.dll ActiveX control could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to click on a specially-crafted link, a remote attacker could exploit this vulnerability using a cross-site scripting attack to execute arbitrary code on the system with the privileges of the victim.

Remedy:

Refer to McAfee Security Bulletin ID: SB10016 for patch, upgrade or suggested workaround information. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

TPTI-11-12
McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-12

McAfee Security Bulletin ID: SB10016
McAfee SaaS Endpoint Protection update fixes multiple ActiveX issues
https://kc.mcafee.com/corporate/index?page=content&id=SB10016

ISS X-Force
McAfee SaaS Endpoint Protection MyAsUtil5.2.0.603.dll ActiveX control code execution
http://www.iss.net/security_center/static/69094.php

CVE CVE-2011-3006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3006


X-Force Logo
Know Your Risks
Mitre.org CVE Logo
Common Vulnerabilties & Exposures