Remote Code Execution Vulnerability in Cisco Secure Desktop ActiveX Control
CVE-2011-0925

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Desktop
Vendor: CVE Published:; 28 February 2011

Summary

The CSDWebInstallerCtrl ActiveX control, found in the CSDWebInstaller.ocx file within Cisco Secure Desktop, is vulnerable to exploitation by remote attackers. By manipulating the identification of a Cisco program featuring a legitimate digital signature, attackers can rename this program to inst.exe, resulting in the unintended download and execution of malicious software on a client's system. This vulnerability represents a significant risk, allowing unauthorized access and potential control over affected machines, emphasizing the need for robust security measures and timely patching.

References

http://www.vupen.com/english/advisories/2011/0513

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/46538

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1025118

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Feb 28, 2011
Vulnerability Reserved
Feb 10, 2011