CVE-2010-0589

Cisco Secure Desktop < 3.5.841 - Remote Code Execution via Web Install ActiveX Control

Title source: llm
STIX 2.1

Description

The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.

References (5)

Core 5
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-072/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39478
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57812
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023881

Scores

EPSS 0.0476
EPSS Percentile 90.8%

Details

CWE
CWE-20
Status published
Products (12)
cisco/secure_desktop 3.1
cisco/secure_desktop 3.1.1
cisco/secure_desktop 3.1.1.27
cisco/secure_desktop 3.1.1.33
cisco/secure_desktop 3.2
cisco/secure_desktop 3.2.1
cisco/secure_desktop 3.3
cisco/secure_desktop 3.4
cisco/secure_desktop 3.4.1
cisco/secure_desktop 3.4.2
... and 2 more
Published Apr 15, 2010
Tracked Since Feb 18, 2026