NEWS: Cisco Secure Desktop vulnerability
Monday, 26 April 2010 22:57
A new Cisco flaw: after the problems related to the SIP protocol on IOS version 12.x, Cisco has again stumbled into something decidedly uncomfortable. The Cisco advisory announces the criticality of the bugs found, and the affected software version is Secure Desktop version 3.5.841.
The details of the problem are derived from the following Security Advisory:
"A Cisco-signed ActiveX control that is used by Cisco Secure Desktop fails to properly verify the integrity of an executable file that is used by the Cisco Secure Desktop installation process. If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package. The package could contain a malicious executable file that executes with the privileges of the affected user. A successful exploit could result in a complete compromise of a vulnerable system. This vulnerability is documented in Cisco Bug ID CSCta25876 (registered customers only) and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0589."
It's basically an exploit that allows an attacker to execute arbitrary code with the same privileges currently granted to the user on the local machine, using an ActiveX control that fails to check the integrity of an executable used during installation.
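The missing check, shown from the defender's side as an added example (not Cisco's code and not the actual fix): a downloaded package is accepted only if every member matches a SHA-256 digest pinned inside the signed installer component. The names `verify_package`, `PINNED` and the sample package are hypothetical and constructed for illustration.

```python
import hashlib, hmac, io, zipfile

def build_package(files):
    """Build an in-memory zip package (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def verify_package(package_bytes, pinned):
    """Return {name: bytes} only if every member matches its pinned SHA-256.

    Assumption: `pinned` (member name -> hex digest) ships inside the signed
    component, so the web page that triggers the download cannot alter it.
    """
    verified = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as z:
        names = z.namelist()
        # Reject extra, missing or duplicate members: nothing unpinned may run.
        if sorted(names) != sorted(pinned):
            raise ValueError("package contents differ from pinned manifest")
        for name in names:
            data = z.read(name)
            digest = hashlib.sha256(data).hexdigest()
            if not hmac.compare_digest(digest, pinned[name]):
                raise ValueError(f"integrity check failed for {name}")
            # Keep the exact bytes that were hashed, so the caller never
            # re-reads a file that could change after the check.
            verified[name] = data
    return verified

# Constructed sample data standing in for the genuine installer package.
GENUINE = {"setup.exe": b"MZ genuine installer", "config.xml": b"<cfg/>"}
PINNED = {n: hashlib.sha256(d).hexdigest() for n, d in GENUINE.items()}

def check(files):
    """Package the given files and report whether verification accepts them."""
    try:
        verify_package(build_package(files), PINNED)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    print(check(GENUINE))
    print(check({**GENUINE, "setup.exe": b"MZ modified installer"}))
    print(check({**GENUINE, "extra.exe": b"MZ"}))
```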
More details can be found at these locations: Security Advisory | Vulnerability report (PDF)


