CVE-2008-2511

CA Internet Security Suite Plus 2008 - Arbitrary File Write via UmxEventCli ActiveX SaveToFile Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2511. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This exploit targets a vulnerability in CA Internet Security Suite 2008 via the UmxEventCli.dll component. It uses the SaveToFile() method to overwrite arbitrary files, such as boot.ini, by leveraging an unsafe ActiveX control.

Description

Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · htmldoswindows

https://www.exploit-db.com/exploits/5682

View Code ZIP pw:eip

This exploit targets a vulnerability in CA Internet Security Suite 2008 via the UmxEventCli.dll component. It uses the SaveToFile() method to overwrite arbitrary files, such as boot.ini, by leveraging an unsafe ActiveX control.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: CA Internet Security Suite 2008

No auth needed

Prerequisites: Victim must open the malicious HTML file in a browser with the vulnerable ActiveX control installed

MITRE ATT&CK