CVE-2011-3007

Published: Aug 10, 2011Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.

Affected (1)

Products: Mcafee: Saas Endpoint Protection

1 product

Saas Endpoint Protection

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Saas Endpoint Protection	Up to 5.2.1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://dvlabs.tippingpoint.com/advisory/TPTI-11-13

Source: cve@mitre.org

http://osvdb.org/74513

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/69093

Source: cve@mitre.org

https://kc.mcafee.com/corporate/index?page=content&id=SB10016

Source: cve@mitre.org

Vendor Advisory

http://dvlabs.tippingpoint.com/advisory/TPTI-11-13

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/74513

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/69093

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=SB10016

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.