Unrated severityNVD Advisory· Published Aug 10, 2011· Updated Apr 29, 2026

CVE-2011-3007

Description

The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.

Affected products

McAfee/Saas Endpoint Protection
cpe:2.3:a:mcafee:saas_endpoint_protection:*:*:*:*:*:*:*:*
Range: <=5.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kc.mcafee.com/corporate/indexnvdVendor Advisory
dvlabs.tippingpoint.com/advisory/TPTI-11-13nvd
osvdb.org/74513nvd
exchange.xforce.ibmcloud.com/vulnerabilities/69093nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000