QwikSec

Security Database

CVE

CWE

Training

CVE-2011-0925

Published: Feb 28, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

20110223 ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability

mailing-list

x_refsource_BUGTRAQ

cisco-secure-activex-code-execution(65754)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SREASON

http://zerodayinitiative.com/advisories/ZDI-11-092/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.