Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0926

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-0926
Last Modified 21 Sep 2011 11:29:10
Published 25 Feb 2011 01:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0926

Summary

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

Vulnerable Systems

Application

  • Cisco Secure Desktop


References

XF - cisco-securedesktop-activex-code-execution(65755)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-091/

VUPEN - ADV-2011-0513

SECTRACK - 1025118

BID - 46536

BUGTRAQ - 20110223 ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability

SREASON - 8105


Last Updated: 27 May 2016 10:56:06