PT-2007-2494 · Cisco+1 · Cisco Security Agent+3

Published: 2007-02-22 · Updated: 2017-07-29 · CVE-2007-1066

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Cisco Secure Services Client (CSSC) versions 4.x
Cisco Trust Agent versions 1.x through 2.x
Cisco Security Agent (CSA) versions 5.0 through 5.1
Meetinghouse AEGIS SecureConnect Client (affected versions not specified)

Description: The issue allows local users to gain privileges by injecting a thread under ConnectionClient.exe, due to an insecure default Discretionary Access Control List (DACL) for the connection client GUI.

Recommendations:

For Cisco Secure Services Client (CSSC) versions 4.x, update the DACL configuration to secure the connection client GUI.
For Cisco Trust Agent versions 1.x through 2.x, modify the default DACL settings to restrict unauthorized access.
For Cisco Security Agent (CSA) versions 5.0 through 5.1, reconfigure the DACL for the connection client GUI when a vulnerable Trust Agent has been deployed.
For Meetinghouse AEGIS SecureConnect Client, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-1066

Affected Products

Cisco Secure Services Client
Cisco Security Agent
Cisco Trust Agent
Meetinghouse Aegis Secureconnect Client