Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4655

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4655
Last Modified 04 Apr 2013 11:13:36
Published 24 Sep 2012 01:55:07
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4655

Summary

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Vulnerable Systems

Application

  • Cisco Secure Desktop 3.1

  • Cisco Secure Desktop 3.1.1

  • Cisco Secure Desktop 3.1.1.27

  • Cisco Secure Desktop 3.1.1.33

  • Cisco Secure Desktop 3.1.1.45

  • Cisco Secure Desktop 3.2

  • Cisco Secure Desktop 3.2.1

  • Cisco Secure Desktop 3.3

  • Cisco Secure Desktop 3.4

  • Cisco Secure Desktop 3.4.1

  • Cisco Secure Desktop 3.4.2

  • Cisco Secure Desktop 3.4.2048

  • Cisco Secure Desktop 3.5

  • Cisco Secure Desktop 3.5.1077

  • Cisco Secure Desktop 3.5.2001

  • Cisco Secure Desktop 3.5.2008

  • Cisco Secure Desktop 3.5.841

  • Cisco Secure Desktop 3.6

  • Cisco Secure Desktop 3.6.1001

  • Cisco Secure Desktop 3.6.181

  • Cisco Secure Desktop 3.6.185

  • Cisco Secure Desktop 3.6.2002

  • Cisco Secure Desktop 3.6.3002

  • Cisco Secure Desktop 3.6.4021

  • Cisco Secure Desktop 3.6.5005


References

CISCO - 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

SECUNIA - 50669

XF - securedesktop-weblaunch-code-execution(78677)

BID - 55606


Last Updated: 27 May 2016 11:00:48