Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в ActiveX Cisco Secure Desktop
Опубликовано:24 февраля 2011 г.
Источник:
SecurityVulns ID:11456
Тип:клиент
Уровень опасности:
6/10
Описание:Несколько возможностей выполнения кода.
CVE:CVE-2011-0926 (A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.)
 CVE-2011-0925 (The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.)
Оригинальный текстdocumentZDI, ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability (24.02.2011)
 documentZDI, ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability (24.02.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород