CVE-2011-1036
NVD-CWE-OtherPublished: February 25, 2011· Updated: Jun 16, 2026
Official Description
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods.
Technical Analysis
CVE-2011-1036 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (22)
Quick Facts
Related CVEs (NVD-CWE-Other)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2011-1036 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts