CVE-2011-0925

Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.

El control CSDWebInstallerCtrl ActiveX en CSDWebInstaller.ocx en Cisco Secure Desktop (CSD) permite a atacantes remotos descargar un programa Cisco no deseado en un equipo cliente, y ejecutar este programa, mediante la identificación de un programa Cisco con una firma digital Cisco y después renombrando este programa a inst.exe, una vulnerabilidad diferente que CVE-2010-0589 y CVE-2011-0926.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable files. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.

*Credits: Anonymous

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-02-10 CVE Reserved
2011-02-24 CVE Published
2024-03-16 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (7)

URL	Tag	Source
http://securityreason.com/securityalert/8108	Third Party Advisory
http://www.securityfocus.com/archive/1/516648/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/46538	Vdb Entry
http://www.securitytracker.com/id?1025118	Vdb Entry
http://www.vupen.com/english/advisories/2011/0513	Vdb Entry
http://zerodayinitiative.com/advisories/ZDI-11-092	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/65754	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Secure Desktop Search vendor "Cisco" for product "Secure Desktop"				*		-		Affected