First published: Mon Sep 24 2012(Updated: )
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Secure Desktop | =3.1 | |
Cisco Secure Desktop | =3.1.1 | |
Cisco Secure Desktop | =3.1.1.27 | |
Cisco Secure Desktop | =3.1.1.33 | |
Cisco Secure Desktop | =3.1.1.45 | |
Cisco Secure Desktop | =3.2 | |
Cisco Secure Desktop | =3.2.1 | |
Cisco Secure Desktop | =3.3 | |
Cisco Secure Desktop | =3.4 | |
Cisco Secure Desktop | =3.4.1 | |
Cisco Secure Desktop | =3.4.2 | |
Cisco Secure Desktop | =3.4.2048 | |
Cisco Secure Desktop | =3.5 | |
Cisco Secure Desktop | =3.5.841 | |
Cisco Secure Desktop | =3.5.1077 | |
Cisco Secure Desktop | =3.5.2001 | |
Cisco Secure Desktop | =3.5.2008 | |
Cisco Secure Desktop | =3.6 | |
Cisco Secure Desktop | =3.6.181 | |
Cisco Secure Desktop | =3.6.185 | |
Cisco Secure Desktop | =3.6.1001 | |
Cisco Secure Desktop | =3.6.2002 | |
Cisco Secure Desktop | =3.6.3002 | |
Cisco Secure Desktop | =3.6.4021 | |
Cisco Secure Desktop | =3.6.5005 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.