Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Secure Desktop ActiveX multiple security vulnerabilities
Published:24.02.2011
Source:
SecurityVulns ID:11456
Type:client
Threat Level:
6/10
Description:Few code execution possibilities.
CVE:CVE-2011-0926 (A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.)
 CVE-2011-0925 (The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.)
Original documentdocumentZDI, ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability (24.02.2011)
 documentZDI, ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability (24.02.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod