Code Execution Vulnerability in Cisco Secure Desktop ActiveX Control
CVE-2010-0589

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Desktop
Vendor: CVE Published:; 15 April 2010

Summary

The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop prior to version 3.5.841 fails to adequately validate the signatures of downloaded programs. This weakness enables remote attackers to leverage a specially crafted web page to trigger the download and execution of arbitrary files on affected systems. Successful exploitation of this vulnerability potentially compromises the security of the affected device, allowing malicious code to be executed without user consent.

References

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.zerodayinitiative.com/advisories/ZDI-10-072/

x_refsource_MISC

http://www.securityfocus.com/bid/39478

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 15, 2010
Vulnerability Reserved
Feb 10, 2010