CVE-2011-0926

Sažetak

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

Reference

http://securityreason.com/securityalert/8105
http://www.securityfocus.com/archive/1/516647/100/0/threaded
http://www.securityfocus.com/bid/46536
http://www.securitytracker.com/id?1025118
http://www.vupen.com/english/advisories/2011/0513
http://www.zerodayinitiative.com/advisories/ZDI-11-091/
https://exchange.xforce.ibmcloud.com/vulnerabilities/65755

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-10-2018 - 19:30

Objavljeno

25-02-2011 - 18:00