cbcvebase.
CVE-2011-2039
published 2011-06-02

CVE-2011-2039: The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads…

high7.6CVSS 3.1
AVNACHAuNCCICAC
EXPLOIT
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.

Affected

9 ranges
VendorProductVersion rangeFixed in
ciscoanyconnect_secure_mobility
ciscoanyconnect_secure_mobility_client<= 2.3
ciscoanyconnect_secure_mobility_client
ciscoanyconnect_secure_mobility_client
ciscoanyconnect_secure_mobility_client
ciscoanyconnect_secure_mobility_client
ciscoanyconnect_secure_mobility_client
ciscoanyconnect_secure_mobility_client
ciscoanyconnect_secure_mobility_client