CVE-2012-4655

Name of the Vulnerable Software and Affected Versions Cisco Secure Desktop versions prior to 3.6.6020

Description The issue is related to the WebLaunch feature, which does not properly validate binaries received by the downloader process. This allows remote attackers to execute arbitrary code via vectors involving ActiveX or Java components.

Recommendations For versions prior to 3.6.6020, update to version 3.6.6020 or later to resolve the issue. As a temporary workaround, consider disabling the WebLaunch feature until a patch is available. Restrict access to ActiveX and Java components to minimize the risk of exploitation.