The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/50669 - | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/55606 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/78677 - |
Information
Published : 2012-09-24 17:55
Updated : 2024-11-21 01:43
NVD link : CVE-2012-4655
Mitre link : CVE-2012-4655
CVE.ORG link : CVE-2012-4655
JSON object : View
Products Affected
cisco
- secure_desktop
CWE
CWE-20
Improper Input Validation