CVE-2012-4655

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.1.1.45:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.4.2048:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.5.841:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.5.1077:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.5.2001:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.5.2008:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.6.181:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.6.185:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.6.1001:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.6.2002:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.6.3002:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.6.4021:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_desktop:3.6.5005:*:*:*:*:*:*:*

History

21 Nov 2024, 01:43

Type Values Removed Values Added
References () http://secunia.com/advisories/50669 - () http://secunia.com/advisories/50669 -
References () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac - Vendor Advisory
References () http://www.securityfocus.com/bid/55606 - () http://www.securityfocus.com/bid/55606 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/78677 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/78677 -

Information

Published : 2012-09-24 17:55

Updated : 2024-11-21 01:43


NVD link : CVE-2012-4655

Mitre link : CVE-2012-4655

CVE.ORG link : CVE-2012-4655


JSON object : View

Products Affected

cisco

  • secure_desktop
CWE
CWE-20

Improper Input Validation