CVE-2011-0926

Cisco Secure Desktop - Remote Code Execution via Spoofed CSD Installation Process

Title source: llm
STIX 2.1

Description

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

References (7)

Core 7
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0513
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65755
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516647/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8105
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025118
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-091/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46536

Scores

EPSS 0.0681
EPSS Percentile 93.3%

Details

CWE
CWE-20
Status published
Products (1)
cisco/secure_desktop
Published Feb 25, 2011
Tracked Since Feb 18, 2026