CVE-2011-1036
CVE-2011-1036 is a high-severity vulnerability in Ca Host-based Intrusion Prevention System with a CVSS 2.0 base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 8.8)
- EPSS exploit prediction: 3% (83rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Ca Host-based Intrusion Prevention System
- Published:
- Last modified:
Description
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
Frequently asked questions
- What is CVE-2011-1036?
- The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
- How severe is CVE-2011-1036?
- CVE-2011-1036 has a CVSS 2.0 base score of 8.8, rated high severity.
- Is CVE-2011-1036 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (83rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2011-1036?
- CVE-2011-1036 primarily affects Ca Host-based Intrusion Prevention System. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2011-1036?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2011-1036 published?
- CVE-2011-1036 was published on 2011-02-25 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/43377
- http://secunia.com/advisories/43490
- http://securityreason.com/securityalert/8106
- http://www.securityfocus.com/archive/1/516649/100/0/threaded
- http://www.securityfocus.com/archive/1/516687/100/0/threaded
- http://www.securityfocus.com/bid/46539
- http://www.securitytracker.com/id?1025120
- http://www.vupen.com/english/advisories/2011/0496
- http://www.zerodayinitiative.com/advisories/ZDI-11-093
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65632
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4%7D
Affected products (3)
- cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:ca:internet_security_suite_2010:*:*:*:*:*:*:*:*
- cpe:2.3:a:ca:internet_security_suite_2011:*:*:*:*:*:*:*:*
More vulnerabilities in Ca Host-based Intrusion Prevention System
- CVE-2006-6952 — High (CVSS 7.2): Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall…
- CVE-2009-2740 — Medium (CVSS 5.0): kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a…
All CVEs affecting Ca Host-based Intrusion Prevention System →