CVE-2010-0589
Cisco Secure Desktop < 3.5.841 - Remote Code Execution via Web Install ActiveX Control
Title source: llmDescription
The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.
References (5)
Core 5
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-072/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39478
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57812
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023881
Scores
EPSS
0.0476
EPSS Percentile
90.8%
Details
CWE
CWE-20
Status
published
Products (12)
cisco/secure_desktop
3.1
cisco/secure_desktop
3.1.1
cisco/secure_desktop
3.1.1.27
cisco/secure_desktop
3.1.1.33
cisco/secure_desktop
3.2
cisco/secure_desktop
3.2.1
cisco/secure_desktop
3.3
cisco/secure_desktop
3.4
cisco/secure_desktop
3.4.1
cisco/secure_desktop
3.4.2
... and 2 more
Published
Apr 15, 2010
Tracked Since
Feb 18, 2026