Cisco Secure Desktop ActiveX code execution - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Cisco Secure Desktop ActiveX code execution
Published: 19.04.2010
Source: BUGTRAQ
SecurityVulns ID: 10773
Type: client
Level: 7/10
Description: Web Install ActiveX allows to download and execute code due to failed signature validation.

Affected: CISCO : Cisco Secure Desktop 3.5
CVE: CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.)

Original document ZDI, ZDI-10-072: Cisco Secure Desktop CSDWebInstaller ActiveX Control Remote Code Execution Vulnerability (19.04.2010)

CISCO, Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability (19.04.2010)

Discuss: Read or add your comments to this news (0 comments)