CVE-2011-0926 Information

Description

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program which allows remote attackers to execute arbitrary code by spoofing the CSD installation process a different vulnerability than CVE-2010-0589.

Reference

http://securityreason.com/securityalert/8105 http://www.securityfocus.com/archive/1/516647/100/0/threaded http://www.securityfocus.com/bid/46536 http://www.securitytracker.com/id?1025118 http://www.vupen.com/english/advisories/2011/0513 http://www.zerodayinitiative.com/advisories/ZDI-11-091/ https://exchange.xforce.ibmcloud.com/vulnerabilities/65755