First published: Thu Apr 15 2010(Updated: )
The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Secure Desktop | =3.1.1.33 | |
Cisco Secure Desktop | =3.3 | |
Cisco Secure Desktop | =3.4.2048 | |
Cisco Secure Desktop | <=3.5 | |
Cisco Secure Desktop | =3.1.1 | |
Cisco Secure Desktop | =3.2 | |
Cisco Secure Desktop | =3.2.1 | |
Cisco Secure Desktop | =3.4 | |
Cisco Secure Desktop | =3.1.1.27 | |
Cisco Secure Desktop | =3.4.2 | |
Cisco Secure Desktop | =3.4.1 | |
Cisco Secure Desktop | =3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.