CVE-2010-4506 Information

Description

Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a \Save As\ dialog that is reachable from the \Certificate Export\ wizard.

Reference

http://securityreason.com/securityalert/8065 http://www.securityfocus.com/bid/46452 https://exchange.xforce.ibmcloud.com/vulnerabilities/65439 https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt