Microsoft · Internet Explorer · CVE-2010-4506
**Name of the Vulnerable Software and Affected Versions**
Passlogix v-GO Self-Service Password Reset (SSPR) and OEM versions prior to 7.0A
**Description**
The issue allows physically proximate attackers to execute arbitrary programs without authentication. This can be achieved by triggering the use of an invalid SSL certificate and utilizing the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog, which is reachable from the "Certificate Export" wizard.
**Recommendations**
For versions prior to 7.0A, update to version 7.0A or later to resolve the issue.