Cisco Secure Desktop ActiveX Control File Download Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 16 Apr 2010 5305 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in Cisco Secure Desktop, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an error in the CSDWebInstaller ActiveX control that fails to properly verify the integrity of an executable file that is used by the Cisco Secure Desktop installation process, which can be exploited by attackers to download and execute arbitrary code by tricking a user into visiting a malicious web page.

Impact

  • Remote Code Execution

System / Technologies affected

  • Cisco Secure Desktop versions prior to 3.5.841

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Cisco Secure Desktop version 3.5.841.
http://www.cisco.com/warp/public/707/cisco-sa-20100414-csd.shtml

Vulnerability Identifier

Source

Share with

Previous

Oracle Products and Components Multiple Vulnerabilities

14 Apr 2010 5210 Views

Next

Apple Mac OS X ATS Font Processing Invalid Index Vulnerability

16 Apr 2010 5269 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY