Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Secure Desktop ActiveX code execution
Published:19.04.2010
Source:
SecurityVulns ID:10773
Type:client
Threat Level:
7/10
Description:Web Install ActiveX allows to download and execute code due to failed signature validation.
Affected:CISCO : Cisco Secure Desktop 3.5
CVE:CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.)
Original documentdocumentZDI, ZDI-10-072: Cisco Secure Desktop CSDWebInstaller ActiveX Control Remote Code Execution Vulnerability (19.04.2010)
 documentCISCO, Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability (19.04.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod