Remote Code Execution Vulnerability in Cisco Secure Desktop ActiveX Control
CVE-2011-0926

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Desktop
Vendor: CVE Published:; 25 February 2011

Summary

An ActiveX control within the Cisco Secure Desktop framework, specifically CSDWebInstaller.ocx, fails to adequately verify the signatures of downloaded programs. This failure could enable remote attackers to exploit the installation process, allowing them to execute arbitrary code on the victim's system. This vulnerability necessitates immediate attention to prevent potential security breaches.

References

http://www.vupen.com/english/advisories/2011/0513

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/65755

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/516647/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Feb 10, 2011