April 16, 2010, 2:48PM
Cisco Plugs Critical Secure Desktop ActiveX Hole
Comment 
The Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system, according to a warning from the networking vendor.
The company issued a patch alongside a warning that successful exploitation of this vulnerability could result in a "complete compromise of the affected system."
The details from Cisco's advisory:
A Cisco-signed ActiveX control that is used by Cisco Secure Desktop fails to properly verify the integrity of an executable file that is used by the Cisco Secure Desktop installation process. If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package. The package could contain a malicious executable file that executes with the privileges of the affected user. A successful exploit could result in a complete compromise of a vulnerable system.
The issue affects Cisco Secure Desktop versions prior to 3.5.841.
Recommended Reads
Commenting on this Article is closed.
Today's Most Popular
- Researchers Discover Android Mobile Botnet 100k Strong
- Phony Temple Run Game For Android Plays On Android-iOS App Gap
- Adobe's Security Chief Talks About Driving Up The Cost of Exploits
- Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit
- Hackers Hit Alabama, Mexican Government Websites
Most Commented Stories
-
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit (8)
-
Twenty Something Asks Facebook For His File And Gets It - All 1,200 Pages (56)
-
Did Apple, RIM and Nokia Help The Indian Government Spy On The U.S.? (3)
-
Google Begins Security Review Process for Android Apps (2)
-
Costin Raiu on the Timing of the Duqu Attacks (2)
Newsletter Sign-up
Take Our Poll
Follow Threatpost
 |  |  |  |
| Tumblr |
