PT-2011-3560 · Cisco · Cisco AnyConnect Secure Mobility Client
Published 2011-06-02 · Updated 2017-08-29
CVE-2011-2039
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco AnyConnect Secure Mobility Client versions prior to 2.3.185
Description
The issue allows remote attackers to execute arbitrary code due to the helper application downloading a client executable file without verifying its authenticity. This is achieved via the url property to a certain ActiveX control in vpnweb.ocx.
Recommendations
For versions prior to 2.3.185, update to version 2.3.185 or later to resolve the issue. As a temporary workaround, consider restricting access to the vpnweb.ocx ActiveX control to minimize the risk of exploitation.
Exploit
Fix
RCE
Affected Products
Cisco AnyConnect Secure Mobility Client
Vpnweb.Ocx