The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2011-06-02T19:00:00

Updated: 2024-08-06T22:46:00.841Z

Reserved: 2011-05-10T00:00:00

Link: CVE-2011-2039

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-06-02T19:55:04.373

Modified: 2024-11-21T01:27:30.420

Link: CVE-2011-2039

cve-icon Redhat

No data.