CVE-2011-3006
McAfee SaaS Endpoint Protection <= 5.2.1 - Remote Code Execution via MyAsUtil ActiveX Control
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.
References (4)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/69094
Vendor Advisory (x_refsource_misc): http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
Vendor Advisory (x_refsource_confirm): https://kc.mcafee.com/corporate/index?page=content&id=SB10016
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/74512
Scores
EPSS: 0.0099
EPSS Percentile: 77.1%
Details
CWE: CWE-264
Status: published
Products (1): mcafee/saas_endpoint_protection < 5.2.1
Published: Aug 10, 2011
Tracked Since: Feb 18, 2026