Check Point Advisories

Cisco Secure Desktop CSDWebInstaller Code Execution (CVE-2011-0926)

Check Point Reference: CPAI-2011-238
Date Published: 16 May 2011
Severity: Medium
Last Updated: 17 Feb 2016
Industry Reference:CVE-2011-0926
Protection Provided by:

Security Gateway
R80, R77, R76, R75

Who is Vulnerable?
Vulnerability Description Cisco Secure Desktop is multipurpose client-side VPN software that is used in a broader enterprise context.A remote code execution vulnerability exists in Cisco Secure Desktop. The vulnerability is due to a lack of validation of executables downloaded by the Secure Desktop Web CSDWebInstaller.ocx ActiveX control. A remote attacker could trigger this flaw by convincing a victim to open a malicious HTML and executable file that contains a malformed record. This vulnerability may be exploited by remote attackers to execute arbitrary code on the affected system by enticing a user to visit a malicious web page.

Protection Overview

This protection will detect and block the vulnerable ActiveX control.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R76 / R75

  1. In the IPS tab, click Protections and find the Cisco Secure Desktop CSDWebInstaller Code Execution protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:

Attack Name:  Cisco Protection Violation.
Attack Information:  Cisco Secure Desktop CSDWebInstaller code execution

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO