CVE-2012-4655

critical
Published 2012-09-24 · Modified 2026-04-29
CVSS v3
CVSS v2
9.3
VIR risk
9.3

Description

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Application impact

Vendor  Product         Version     Fixed
cisco   secure_desktop  3.1
cisco   secure_desktop  3.1.1
cisco   secure_desktop  3.1.1.27
cisco   secure_desktop  3.1.1.33
cisco   secure_desktop  3.1.1.45
cisco   secure_desktop  3.2
cisco   secure_desktop  3.2.1
cisco   secure_desktop  3.3
cisco   secure_desktop  3.4
cisco   secure_desktop  3.4.1
cisco   secure_desktop  3.4.2
cisco   secure_desktop  3.4.2048
cisco   secure_desktop  3.5
cisco   secure_desktop  3.5.841
cisco   secure_desktop  3.5.1077
cisco   secure_desktop  3.5.2001
cisco   secure_desktop  3.5.2008
cisco   secure_desktop  3.6
cisco   secure_desktop  3.6.181
cisco   secure_desktop  3.6.185
cisco   secure_desktop  3.6.1001
cisco   secure_desktop  3.6.2002
cisco   secure_desktop  3.6.3002
cisco   secure_desktop  3.6.4021
cisco   secure_desktop  3.6.5005

References

CWEs

CWE-20
