The WebLaunch feature in Cisco Secure Desktop prior to 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote malicious users to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco secure desktop 3.4 |
||
cisco secure desktop 3.1.1.45 |
||
cisco secure desktop 3.6.3002 |
||
cisco secure desktop 3.2 |
||
cisco secure desktop 3.6 |
||
cisco secure desktop 3.5.2008 |
||
cisco secure desktop 3.4.2 |
||
cisco secure desktop 3.6.181 |
||
cisco secure desktop 3.1.1 |
||
cisco secure desktop 3.6.185 |
||
cisco secure desktop 3.1 |
||
cisco secure desktop 3.5.841 |
||
cisco secure desktop 3.4.2048 |
||
cisco secure desktop 3.4.1 |
||
cisco secure desktop 3.2.1 |
||
cisco secure desktop 3.5 |
||
cisco secure desktop 3.6.4021 |
||
cisco secure desktop 3.1.1.27 |
||
cisco secure desktop 3.1.1.33 |
||
cisco secure desktop 3.6.1001 |
||
cisco secure desktop 3.3 |
||
cisco secure desktop 3.6.2002 |
||
cisco secure desktop 3.6.5005 |
||
cisco secure desktop 3.5.2001 |
||
cisco secure desktop 3.5.1077 |