CVE-2011-3006

medium

Trellix

CVSS v3 Base Score

6.8

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Score

1.0%

Exploitation probability in 30 days

Top 23% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: August 10, 2011 (5391 days ago)

Last Modified: April 29, 2026

Vendor: Trellix

Source: NVD

Description

The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.

CWE

CWE-264

Affected Products

mcafee saas endpoint protection

References

🔗 dvlabs.tippingpoint.com 🔗 osvdb.org 🔗 exchange.xforce.ibmcloud.com 🔗 kc.mcafee.com 🔗 dvlabs.tippingpoint.com

CVE-2011-3006

Vulnerability Report

Description

CWE

Affected Products

References