Signature Detail
Short Name |
HTTP:STC:ACTIVEX:CISCO-CSD-WEB |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Cisco Secure Desktop CSDWebInstaller ActiveX Code Execution |
Release Date |
2011/03/31 |
Update Number |
1892 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Cisco Secure Desktop CSDWebInstaller ActiveX Code Execution
This signature detects attempts to use unsafe ActiveX controls in Cisco Secure Desktop. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser or result in arbitrary code execution.
Extended Description
A Cisco Secure Desktop is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer. Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. Successful exploits will allow attackers to execute arbitrary code within the context of the currently logged-in user.
Affected Products
- Cisco Secure Desktop 3.1
- Cisco Secure Desktop 3.1.1
- Cisco Secure Desktop 3.1.1.27
- Cisco Secure Desktop 3.1.1.33
- Cisco Secure Desktop 3.1.1.45
- Cisco Secure Desktop 3.2
- Cisco Secure Desktop 3.4.2048
- Cisco Secure Desktop 3.5.1077
- Cisco Secure Desktop 3.5.841
- Cisco Secure Desktop 3.5.841
References
- BugTraq: 46536
- CVE: CVE-2011-0926