← Back

CVE-2012-4655

nvd nist
Published: Sep 24, 2012Modified: Apr 29, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Affected (25)

Cisco
1 product
Secure Desktop
Configuration A
25 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Secure Desktop
Version 3.1.1.27
Secure Desktop
Version 3.1.1.33
Secure Desktop
Version 3.1.1.45
Secure Desktop
Version 3.1.1
Secure Desktop
Version 3.1
Secure Desktop
Version 3.2.1
Secure Desktop
Version 3.2
Secure Desktop
Version 3.3
Secure Desktop
Version 3.4.1
Secure Desktop
Version 3.4.2048
Secure Desktop
Version 3.4.2
Secure Desktop
Version 3.4
Secure Desktop
Version 3.5.1077
Secure Desktop
Version 3.5.2001
Secure Desktop
Version 3.5.2008
Secure Desktop
Version 3.5.841
Secure Desktop
Version 3.5
Secure Desktop
Version 3.6.1001
Secure Desktop
Version 3.6.181
Secure Desktop
Version 3.6.185
Secure Desktop
Version 3.6.2002
Secure Desktop
Version 3.6.3002
Secure Desktop
Version 3.6.4021
Secure Desktop
Version 3.6.5005
Secure Desktop
Version 3.6

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: psirt@cisco.com
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.