{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-09-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac"}, {"name": "50669", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50669"}, {"name": "securedesktop-weblaunch-code-execution(78677)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677"}, {"name": "55606", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55606"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-4655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac"}, {"name": "50669", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50669"}, {"name": "securedesktop-weblaunch-code-execution(78677)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677"}, {"name": "55606", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55606"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:42:54.959Z"}, "title": "CVE Program Container", "references": [{"name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac"}, {"name": "50669", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50669"}, {"name": "securedesktop-weblaunch-code-execution(78677)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677"}, {"name": "55606", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55606"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-4655", "datePublished": "2012-09-24T17:00:00.000Z", "dateReserved": "2012-08-24T00:00:00.000Z", "dateUpdated": "2024-08-06T20:42:54.959Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EE6B79A-FD31-4637-BE22-EEADF63B94FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F2F8EA5-8DEF-48D0-9E7F-6047D4AECC5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "F13E414E-E56E-496E-A952-F93DCF1B1BDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.45:*:*:*:*:*:*:*", "matchCriteriaId": "21F5DFB0-21F4-45F7-B4AF-000B24DEA596", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A8878-2E0F-4140-86DF-75999B47E4F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4932BA9E-4156-4445-93E9-7A9F1D81090B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3497EB29-C406-44C1-AB28-0DDC4E79A9D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C63D54D-6424-4767-9832-41E7F0B1D1E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4D4CF6F-2F81-45B0-9B5B-C8D79E74D6F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA0286A4-6011-41DF-B607-44CFBBFD437F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2048:*:*:*:*:*:*:*", "matchCriteriaId": "FE277431-4101-4C0F-91DB-A1C15C0344FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "4142FB07-D5F0-4209-B0DE-67B768D7BDAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.841:*:*:*:*:*:*:*", "matchCriteriaId": "85641AF5-7A5B-4146-9806-E055420DB3AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.1077:*:*:*:*:*:*:*", "matchCriteriaId": "7D5FC538-64F7-4F3D-9FAE-82D5015737DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.2001:*:*:*:*:*:*:*", "matchCriteriaId": "4F72D901-C62C-41A0-8D68-72CB9508E507", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.2008:*:*:*:*:*:*:*", "matchCriteriaId": "D79AB614-C5B3-4116-B957-A42F6AD0DD6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "9273F0F3-38F2-45AE-8453-1004A7CE91EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.181:*:*:*:*:*:*:*", "matchCriteriaId": "A1A4F9A8-DB02-45A0-ABE4-08683C798CC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.185:*:*:*:*:*:*:*", "matchCriteriaId": "71AF8E5A-42C5-42CB-8890-6F00BC1C471A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.1001:*:*:*:*:*:*:*", "matchCriteriaId": "4CA7E7CD-E877-4868-B868-AF77F931F593", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.2002:*:*:*:*:*:*:*", "matchCriteriaId": "93F2063D-7955-4217-A13D-217ED25C5DAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.3002:*:*:*:*:*:*:*", "matchCriteriaId": "BA30F821-2963-4431-B25F-BB061CBCBE27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.4021:*:*:*:*:*:*:*", "matchCriteriaId": "689D7A99-1CB3-4930-8A0B-466DDC718D6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.5005:*:*:*:*:*:*:*", "matchCriteriaId": "2D9C94C7-3E8A-4E3A-A88F-648F755D3C3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204."}, {"lang": "es", "value": "La funcionalidad WebLaunch en Cisco Secure Desktop antes de v3.6.6020 no valida adecuadamente los binarios recibidos por el proceso de descarga, lo que permite a cualquier atacante ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con (1) ActiveX o (2) componentes Java. El problema esta identificado con los Bug IDs CSCtz76128 y CSCtz78204."}], "id": "CVE-2012-4655", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-09-24T17:55:07.157", "references": [{"source": "psirt@cisco.com", "url": "http://secunia.com/advisories/50669"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac"}, {"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/55606"}, {"source": "psirt@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}