|Check Point Reference:||CPAI-2011-238|
|Date Published:||16 May 2011|
|Last Updated:||17 Feb 2016|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Cisco Secure Desktop is multipurpose client-side VPN software that is used in a broader enterprise context.A remote code execution vulnerability exists in Cisco Secure Desktop. The vulnerability is due to a lack of validation of executables downloaded by the Secure Desktop Web CSDWebInstaller.ocx ActiveX control. A remote attacker could trigger this flaw by convincing a victim to open a malicious HTML and executable file that contains a malformed record. This vulnerability may be exploited by remote attackers to execute arbitrary code on the affected system by enticing a user to visit a malicious web page.|
This protection will detect and block the vulnerable ActiveX control.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Cisco Protection Violation.
Attack Information: Cisco Secure Desktop CSDWebInstaller code execution