Cisco Secure Desktop CSDWebInstaller code exec

Added: 03/23/2011
CVE: CVE-2011-0926
BID: 46536
OSVDB: 63809


Cisco Secure Desktop is an endpoint security management product that consists of several components, such as Prelogin Assessment/Policies, Host Scan, Cache Cleaner, Secure Desktop (Vault), etc.


Cisco Secure Desktop versions 3.x include an ActiveX control which contains a file upload vulnerability. This vulnerability may be exploited to upload and execute malicious content on the target system. An attacker must persuade the victim to browse to a website controlled by the attacker.


No patches are available for this vulnerability. The vulnerable ActiveX control may be disabled through Internet Explorer by following these Microsoft instructions. The CLSID for the vulnerable control is 705EC6D4-B138-4079-A307-EF13E4889A82.
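As an added example (not part of the original advisory or of any Cisco or Microsoft tooling), the PowerShell below applies that mitigation by setting the Internet Explorer kill bit (`Compatibility Flags` value 0x400) for the CLSID above, in both the native and the 32-bit registry views. It assumes an elevated prompt and PowerShell 3.0 or later; the function name `Set-ActiveXKillBit` is hypothetical.

```powershell
# Added example, not from the advisory: set the IE kill bit for the vulnerable control.
# Run from an elevated PowerShell prompt.
$Clsid   = '{705EC6D4-B138-4079-A307-EF13E4889A82}'  # CLSID given in the advisory
$KillBit = 0x400                                      # "Compatibility Flags" kill bit
$Value   = 'Compatibility Flags'

# Native registry view, plus the 32-bit view read by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper name; ORs the kill bit into whatever flags are already set.
function Set-ActiveXKillBit {
    param([string]$Root, [string]$Clsid, [int]$Flag)

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    $prop = Get-ItemProperty -Path $key -Name $Value -ErrorAction SilentlyContinue
    $old  = if ($prop) { [int]$prop.$Value } else { 0 }
    $new  = $old -bor $Flag
    Set-ItemProperty -Path $key -Name $Value -Value $new -Type DWord

    # Read the value back so the report reflects what is actually in the registry.
    $check = [int](Get-ItemProperty -Path $key -Name $Value).$Value
    [pscustomobject]@{
        Key     = $key
        Before  = '0x{0:X8}' -f $old
        After   = '0x{0:X8}' -f $check
        KillBit = (($check -band $Flag) -eq $Flag)
    }
}

foreach ($root in $Roots) {
    # Skip a view that does not exist (for example Wow6432Node on 32-bit Windows).
    if (Test-Path -Path $root) {
        Set-ActiveXKillBit -Root $root -Clsid $Clsid -Flag $KillBit
    }
}
```

Each returned object shows the flags before and after the change, so the output can be kept as evidence that the control is blocked on that host.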



This exploit works against Cisco Secure Desktop 3.5.841 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 English (DEP OptIn).


