
U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

March 16, 2012 - 7:00am


PROBLEM:

Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

PLATFORM:

Cisco Adaptive Security Appliance (ASA) 7.x, Cisco Adaptive Security Appliance (ASA) 8.x, Cisco ASA 5500 Series Adaptive Security Appliances

ABSTRACT:

A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

REFERENCE LINKS:

Secunia Advisory SA48422
SecurityTracker Alert ID: 1026799
CVE-2012-0358

IMPACT ASSESSMENT:

High

Discussion:

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in the Clientless VPN ActiveX control (cscopf.ocx) and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

Impact:

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (7.2(5.7), 8.2(5.26), 8.4(3.8), 8.5(1.7), 8.6(1.1)).
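
The following is an added example, not part of the original bulletin or any Cisco tooling: it checks ASA software versions against the fixed releases listed above. It assumes versions are written in the bulletin's `major.minor(maintenance.interim)` form and that a later release in the same train also carries the fix; the host names and inventory are constructed sample data.

```python
import re

# Fixed releases exactly as listed in the bulletin's Solution section.
FIXED_RELEASES = ["7.2(5.7)", "8.2(5.26)", "8.4(3.8)", "8.5(1.7)", "8.6(1.1)"]

# Matches e.g. "8.2(5.26)" or "8.4(3)" (interim part optional).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)$")


def parse_asa_version(text):
    """Turn '8.2(5.26)' into (8, 2, 5, 26) so fields compare numerically."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    major, minor, maint, interim = match.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


# Index the fixed release by its train, e.g. (8, 4) -> (8, 4, 3, 8).
FIXED_BY_TRAIN = {v[:2]: v for v in map(parse_asa_version, FIXED_RELEASES)}


def assess(version_text):
    """Return 'fixed', 'needs-update' or 'train-not-listed'."""
    version = parse_asa_version(version_text)
    fixed = FIXED_BY_TRAIN.get(version[:2])
    if fixed is None:
        # The bulletin names no fixed release for this train; do not guess.
        return "train-not-listed"
    # Assumption: releases at or after the listed one in a train are fixed.
    return "fixed" if version >= fixed else "needs-update"


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "asa-edge-01": "8.2(5.9)",   # interim 9 < 26 numerically
    "asa-edge-02": "8.4(3.8)",
    "asa-lab-01": "8.3(2)",
}


def report(inventory):
    """Map each host to its assessment."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Hosts reported as `train-not-listed` need a manual check against the vendor advisory, since the bulletin gives no fixed release for their train.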
