CVE-2012-4655

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
ciscosecure_desktop
3.1
ciscosecure_desktop
3.1.1
ciscosecure_desktop
3.1.1.27
ciscosecure_desktop
3.1.1.33
ciscosecure_desktop
3.1.1.45
ciscosecure_desktop
3.2
ciscosecure_desktop
3.2.1
ciscosecure_desktop
3.3
ciscosecure_desktop
3.4
ciscosecure_desktop
3.4.1
ciscosecure_desktop
3.4.2
ciscosecure_desktop
3.4.2048
ciscosecure_desktop
3.5
ciscosecure_desktop
3.5.841
ciscosecure_desktop
3.5.1077
ciscosecure_desktop
3.5.2001
ciscosecure_desktop
3.5.2008
ciscosecure_desktop
3.6
ciscosecure_desktop
3.6.181
ciscosecure_desktop
3.6.185
ciscosecure_desktop
3.6.1001
ciscosecure_desktop
3.6.2002
ciscosecure_desktop
3.6.3002
ciscosecure_desktop
3.6.4021
ciscosecure_desktop
3.6.5005
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/50669
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
http://www.securityfocus.com/bid/55606
https://exchange.xforce.ibmcloud.com/vulnerabilities/78677
http://secunia.com/advisories/50669
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
http://www.securityfocus.com/bid/55606
https://exchange.xforce.ibmcloud.com/vulnerabilities/78677