CVE-2012-4655: Input Validation
First published: Mon Sep 24 2012(Updated: )
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Desktop | =3.1 | |
| Cisco Secure Desktop | =3.1.1 | |
| Cisco Secure Desktop | =3.1.1.27 | |
| Cisco Secure Desktop | =3.1.1.33 | |
| Cisco Secure Desktop | =3.1.1.45 | |
| Cisco Secure Desktop | =3.2 | |
| Cisco Secure Desktop | =3.2.1 | |
| Cisco Secure Desktop | =3.3 | |
| Cisco Secure Desktop | =3.4 | |
| Cisco Secure Desktop | =3.4.1 | |
| Cisco Secure Desktop | =3.4.2 | |
| Cisco Secure Desktop | =3.4.2048 | |
| Cisco Secure Desktop | =3.5 | |
| Cisco Secure Desktop | =3.5.841 | |
| Cisco Secure Desktop | =3.5.1077 | |
| Cisco Secure Desktop | =3.5.2001 | |
| Cisco Secure Desktop | =3.5.2008 | |
| Cisco Secure Desktop | =3.6 | |
| Cisco Secure Desktop | =3.6.181 | |
| Cisco Secure Desktop | =3.6.185 | |
| Cisco Secure Desktop | =3.6.1001 | |
| Cisco Secure Desktop | =3.6.2002 | |
| Cisco Secure Desktop | =3.6.3002 | |
| Cisco Secure Desktop | =3.6.4021 | |
| Cisco Secure Desktop | =3.6.5005 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-4655?
CVE-2012-4655 has been assigned a moderate severity level due to its potential to allow remote code execution.
How do I fix CVE-2012-4655?
To mitigate CVE-2012-4655, update Cisco Secure Desktop to the latest version provided by Cisco.
What versions are affected by CVE-2012-4655?
CVE-2012-4655 affects Cisco Secure Desktop versions before 3.6.6020.
What type of vulnerability is CVE-2012-4655?
CVE-2012-4655 is a remote code execution vulnerability caused by improper validation of binaries in the WebLaunch feature.
Who discovered CVE-2012-4655?
CVE-2012-4655 was identified through internal Cisco security assessments and reported as Bug IDs CSCtz76128 and CSCtz78204.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco secure desktop
- version/cisco secure desktop/3.1
- version/cisco secure desktop/3.1.1
- version/cisco secure desktop/3.1.1.27
- version/cisco secure desktop/3.1.1.33
- version/cisco secure desktop/3.1.1.45
- version/cisco secure desktop/3.2
- version/cisco secure desktop/3.2.1
- version/cisco secure desktop/3.3
- version/cisco secure desktop/3.4
- version/cisco secure desktop/3.4.1
- version/cisco secure desktop/3.4.2
- version/cisco secure desktop/3.4.2048
- version/cisco secure desktop/3.5
- version/cisco secure desktop/3.5.841
- version/cisco secure desktop/3.5.1077
- version/cisco secure desktop/3.5.2001
- version/cisco secure desktop/3.5.2008
- version/cisco secure desktop/3.6
- version/cisco secure desktop/3.6.181
- version/cisco secure desktop/3.6.185
- version/cisco secure desktop/3.6.1001
- version/cisco secure desktop/3.6.2002
- version/cisco secure desktop/3.6.3002
- version/cisco secure desktop/3.6.4021
- version/cisco secure desktop/3.6.5005