Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2011-0925
Last Modified 21 Sep 2011 11:29:10
Published 28 Feb 2011 11:00:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0925

Summary

The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe. This is a different vulnerability than CVE-2010-0589 and CVE-2011-0926.

Vulnerable Systems

Application

  • Cisco Secure Desktop


References

MISC - http://zerodayinitiative.com/advisories/ZDI-11-092/

XF - cisco-secure-activex-code-execution(65754)

VUPEN - ADV-2011-0513

SECTRACK - 1025118

BID - 46538

BUGTRAQ - 20110223 ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability

SREASON - 8108


Last Updated: 27 May 2016 10:56:06