PT-2010-2346 · Cisco · Cisco Secure Desktop

Published: 2010-04-14 · Updated: 2017-08-17 · CVE-2010-0589

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Secure Desktop versions prior to 3.5.841

Description

The issue concerns the Web Install ActiveX control in Cisco Secure Desktop, which fails to properly verify the signatures of downloaded programs. This allows remote attackers to force the download and execution of arbitrary files via a crafted web page.

Recommendations

For versions prior to 3.5.841, update to version 3.5.841 or later to resolve the issue. As a temporary workaround, consider disabling the use of the CSDWebInstaller ActiveX control until a patch is applied. Restrict access to web pages that could potentially exploit this issue to minimize the risk of remote code execution.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2010-0589
ZDI-10-072

Affected Products

Cisco Secure Desktop