An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. This control is typically used to install the VPN client. Tested on Windows XP SP3 With Cisco An圜onnect VPN Client Description : This module exploits a vulnerability in the Cisco An圜onnect VPN client vpnweb.ocx ActiveX control. Description: Timeline : Vulnerability discovered by Elazar Broad and submitted to iDefense Labs Initial vulnerability notification to Cisco the Public release of Cisco Security Advisory Metasploit PoC provided by bannedit the PoC provided by: bannedit Reference(s) : CVE-2011-2039 OSVDB-72714 CISCO-SA-20110601-AC Affected versions : For Windows all versions prior to 2.3.185 For Linux, Apple Mac OS X all versions in major releases other than 2.5.x and 3.0.x 2.5.x releases prior to 3.0.x releases prior to 3.0.629 Microsoft Windows Mobile versions are affected, but no updated are planned.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |