Описание
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-2039
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67739
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909
- http://osvdb.org/72714
- http://securityreason.com/securityalert/8272
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
- http://www.kb.cert.org/vuls/id/490097
- http://www.securitytracker.com/id?1025591
Связанные уязвимости
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.