CVE-2011-3006

N/A Unknown
Published: August 10, 2011 Modified: April 29, 2026
View on NVD

Description

The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
Source: cve@mitre.org
http://osvdb.org/74512
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/69094
Source: cve@mitre.org
https://kc.mcafee.com/corporate/index?page=content&id=SB10016
Source: cve@mitre.org
Vendor Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
Source: af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/74512
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/69094
Source: af854a3a-2127-422b-91ae-364da2661108
https://kc.mcafee.com/corporate/index?page=content&id=SB10016
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
2.1%
80th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

mcafee

Related CVEs

CVE-2026-13422 4.3
CVE-2026-13335 6.4
CVE-2026-13333 6.5
CVE-2026-13331 6.5
CVE-2026-11356 4.4