The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2011-06-02T19:00:00
Updated: 2024-08-06T22:46:00.841Z
Reserved: 2011-05-10T00:00:00
Link: CVE-2011-2039
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-06-02T19:55:04.373
Modified: 2024-11-21T01:27:30.420
Link: CVE-2011-2039
Redhat
No data.