CVE-2011-0926

critical

Description

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65755

http://www.zerodayinitiative.com/advisories/ZDI-11-091/

http://www.vupen.com/english/advisories/2011/0513

http://www.securitytracker.com/id?1025118

http://www.securityfocus.com/bid/46536

http://www.securityfocus.com/archive/1/516647/100/0/threaded

http://securityreason.com/securityalert/8105

Details

Source: Mitre, NVD

Published: 2011-02-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04521