Arbitrary Code Execution Vulnerability in Cisco Secure Desktop WebLaunch Feature

Arbitrary Code Execution Vulnerability in Cisco Secure Desktop WebLaunch Feature

CVE-2012-4655 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Learn more about our Cis Benchmark Audit For Cisco.