Cisco Secure Desktop ActiveX Control Executable File Arbitrary File Download Vulnerability

  Severity: CRITICAL
  CVE Identifier: CVE-2011-0926
  Advisory Date: JUL 21, 2015

  DESCRIPTION

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1004626
  Trend Micro Deep Security DPI Rule Name: 1004626 - Restrict Cisco Secure Desktop ActiveX Control

  AFFECTED SOFTWARE AND VERSION

  • cisco secure_desktop

Featured Stories