CVE-2012-4655: Input Validation

First published: Mon Sep 24 2012(Updated: )

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Credit: ykramarz@cisco.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/references
• agent/weakness
• agent/severity
• agent/author
• agent/type
• agent/description
• agent/event
• agent/last-modified-date
• agent/tags
• agent/softwarecombine
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• vendor/cisco
• canonical/cisco secure desktop
• version/cisco secure desktop/3.1
• version/cisco secure desktop/3.1.1
• version/cisco secure desktop/3.1.1.27
• version/cisco secure desktop/3.1.1.33
• version/cisco secure desktop/3.1.1.45
• version/cisco secure desktop/3.2
• version/cisco secure desktop/3.2.1
• version/cisco secure desktop/3.3
• version/cisco secure desktop/3.4
• version/cisco secure desktop/3.4.1
• version/cisco secure desktop/3.4.2
• version/cisco secure desktop/3.4.2048
• version/cisco secure desktop/3.5
• version/cisco secure desktop/3.5.841
• version/cisco secure desktop/3.5.1077
• version/cisco secure desktop/3.5.2001
• version/cisco secure desktop/3.5.2008
• version/cisco secure desktop/3.6
• version/cisco secure desktop/3.6.181
• version/cisco secure desktop/3.6.185
• version/cisco secure desktop/3.6.1001
• version/cisco secure desktop/3.6.2002
• version/cisco secure desktop/3.6.3002
• version/cisco secure desktop/3.6.4021
• version/cisco secure desktop/3.6.5005