9.3
CVSSv2

CVE-2012-4655

Published: 24/09/2012 Updated: 29/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The WebLaunch feature in Cisco Secure Desktop prior to 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote malicious users to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

cisco secure desktop 3.4

cisco secure desktop 3.1.1.45

cisco secure desktop 3.6.3002

cisco secure desktop 3.2

cisco secure desktop 3.6

cisco secure desktop 3.5.2008

cisco secure desktop 3.4.2

cisco secure desktop 3.6.181

cisco secure desktop 3.1.1

cisco secure desktop 3.6.185

cisco secure desktop 3.1

cisco secure desktop 3.5.841

cisco secure desktop 3.4.2048

cisco secure desktop 3.4.1

cisco secure desktop 3.2.1

cisco secure desktop 3.5

cisco secure desktop 3.6.4021

cisco secure desktop 3.1.1.27

cisco secure desktop 3.1.1.33

cisco secure desktop 3.6.1001

cisco secure desktop 3.3

cisco secure desktop 3.6.2002

cisco secure desktop 3.6.5005

cisco secure desktop 3.5.2001

cisco secure desktop 3.5.1077

Vendor Advisories

The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client and Cisco Secure Deskto ...