Vulnerability Details CVE-2012-4655
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/50669
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
- http://www.securityfocus.com/bid/55606
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78677
- http://secunia.com/advisories/50669
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
- http://www.securityfocus.com/bid/55606
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78677
Products affected by CVE-2012-4655
-
cpe:2.3:a:cisco:secure_desktop:3.1
-
cpe:2.3:a:cisco:secure_desktop:3.1.1
-
cpe:2.3:a:cisco:secure_desktop:3.1.1.27
-
cpe:2.3:a:cisco:secure_desktop:3.1.1.33
-
cpe:2.3:a:cisco:secure_desktop:3.1.1.45
-
cpe:2.3:a:cisco:secure_desktop:3.2
-
cpe:2.3:a:cisco:secure_desktop:3.2.1
-
cpe:2.3:a:cisco:secure_desktop:3.3
-
cpe:2.3:a:cisco:secure_desktop:3.4
-
cpe:2.3:a:cisco:secure_desktop:3.4.1
-
cpe:2.3:a:cisco:secure_desktop:3.4.2
-
cpe:2.3:a:cisco:secure_desktop:3.4.2048
-
cpe:2.3:a:cisco:secure_desktop:3.5
-
cpe:2.3:a:cisco:secure_desktop:3.5.1077
-
cpe:2.3:a:cisco:secure_desktop:3.5.2001
-
cpe:2.3:a:cisco:secure_desktop:3.5.2008
-
cpe:2.3:a:cisco:secure_desktop:3.5.841
-
cpe:2.3:a:cisco:secure_desktop:3.6
-
cpe:2.3:a:cisco:secure_desktop:3.6.1001
-
cpe:2.3:a:cisco:secure_desktop:3.6.181
-
cpe:2.3:a:cisco:secure_desktop:3.6.185
-
cpe:2.3:a:cisco:secure_desktop:3.6.2002
-
cpe:2.3:a:cisco:secure_desktop:3.6.3002
-
cpe:2.3:a:cisco:secure_desktop:3.6.4021
-
cpe:2.3:a:cisco:secure_desktop:3.6.5005