Cisco Secure Desktop CSDWebInstaller ActiveX Multiple Vulnerabilities

Last Update Date: 1 Mar 2011 17:04 Release Date: 1 Mar 2011 5643 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Two vulnerabilities have been identified in Cisco Secure Desktop, which could be exploited by remote attackers to compromise a vulnerable system.

  1. An error in the "CSDWebInstallerCtrl" ActiveX control (CSDWebInstaller.ocx) when handling a Cisco-signed executable file named "inst.exe", which could allow attackers to exploit certain vulnerabilities in signed executable files.
  2. An error in the "CSDWebInstallerCtrl" ActiveX control (CSDWebInstaller.ocx) that does not properly verify the digital signature of an executable file that is downloaded and executed, which could allow attackers to execute arbitrary code by tricking a user into visiting a malicious web page.

Impact

  • Remote Code Execution

System / Technologies affected

  • Cisco Secure Desktop versions 3.x

Solutions

  • There is no patch available for this vulnerability currently.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Citrix Secure Gateway Unspecified Remote Code Execution Vulnerability

1 Mar 2011 5588 Views

Next

Google Chrome Multiple Vulnerabilities

2 Mar 2011 5453 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY