CVE-2010-0589

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Desktop
Vendor: CVE Published:; 15 April 2010

Summary

The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.

References

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.zerodayinitiative.com/advisories/ZDI-10-072/

x_refsource_MISC

http://www.securityfocus.com/bid/39478

vdb-entryx_refsource_BID

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2010
Vulnerability Reserved
Feb 10, 2010