CVE-2012-4655

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Weaknesses (CWE)

CWE-20

Affected Products (25)

cisco · secure_desktopvulnerable

References (8)

http://secunia.com/advisories/50669

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Vendor Advisory

http://www.securityfocus.com/bid/55606

https://exchange.xforce.ibmcloud.com/vulnerabilities/78677

http://secunia.com/advisories/50669

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Vendor Advisory

http://www.securityfocus.com/bid/55606

https://exchange.xforce.ibmcloud.com/vulnerabilities/78677