A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
References
Configurations
History
21 Nov 2024, 01:25
Type | Values Removed | Values Added |
---|---|---|
References | () http://securityreason.com/securityalert/8105 - | |
References | () http://www.securityfocus.com/archive/1/516647/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/46536 - | |
References | () http://www.securitytracker.com/id?1025118 - | |
References | () http://www.vupen.com/english/advisories/2011/0513 - | |
References | () http://www.zerodayinitiative.com/advisories/ZDI-11-091/ - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/65755 - |
Information
Published : 2011-02-25 18:00
Updated : 2024-11-21 01:25
NVD link : CVE-2011-0926
Mitre link : CVE-2011-0926
CVE.ORG link : CVE-2011-0926
JSON object : View
Products Affected
cisco
- secure_desktop
CWE
CWE-20
Improper Input Validation