CVE-2011-3007
McAfee SaaS Endpoint Protection <= 5.2.1 - Arbitrary File Write via myCIOScn ActiveX Control
Title source: llmDescription
The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.
References (4)
Vendor Advisory (x_refsource_confirm): https://kc.mcafee.com/corporate/index?page=content&id=SB10016
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/69093
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/74513
Vendor Advisory (x_refsource_misc): http://dvlabs.tippingpoint.com/advisory/TPTI-11-13
Scores
EPSS: 0.0058
EPSS Percentile: 69.1%
Details
CWE: CWE-94
Status: published
Products (1): mcafee/saas_endpoint_protection < 5.2.1
Published: Aug 10, 2011
Tracked Since: Feb 18, 2026