Skip to main content

Cisco Secure Desktop ActiveX Control File Download Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 16 Apr 2010 5470 Views

RISK: Medium Risk

A vulnerability has been identified in Cisco Secure Desktop, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an error in the CSDWebInstaller ActiveX control that fails to properly verify the integrity of an executable file that is used by the Cisco Secure Desktop installation process, which can be exploited by attackers to download and execute arbitrary code by tricking a user into visiting a malicious web page.


Impact

  • Remote Code Execution

System / Technologies affected

  • Cisco Secure Desktop versions prior to 3.5.841

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Cisco Secure Desktop version 3.5.841.
http://www.cisco.com/warp/public/707/cisco-sa-20100414-csd.shtml


Vulnerability Identifier


Source