CVE-2011-0926

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Desktop
Vendor: CVE Published:; 25 February 2011

Summary

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

References

http://www.vupen.com/english/advisories/2011/0513

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/65755

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/516647/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

85% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Feb 10, 2011