Remote Code Execution Vulnerability in Cisco Secure Desktop WebLaunch Feature
CVE-2012-4655

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Desktop
Vendor: CVE Published:; 24 September 2012

Summary

The WebLaunch feature in Cisco Secure Desktop prior to version 3.6.6020 fails to adequately validate binaries downloaded by its process. This oversight allows remote attackers to exploit the system by executing arbitrary code through carefully crafted ActiveX or Java components. Vulnerability references are associated with Bug IDs CSCtz76128 and CSCtz78204, highlighting potential attack vectors that compromise user security.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/50669

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/78677

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 24, 2012
Vulnerability Reserved
Aug 24, 2012