mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
82 lines
2.7 KiB
JSON
82 lines
2.7 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "psirt@cisco.com",
|
|
"ID": "CVE-2010-0589",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "20100414 Cisco Secure Desktop ActiveX Control Code Execution Vulnerability",
|
|
"refsource": "CISCO",
|
|
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml"
|
|
},
|
|
{
|
|
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-072/",
|
|
"refsource": "MISC",
|
|
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-072/"
|
|
},
|
|
{
|
|
"name": "39478",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/39478"
|
|
},
|
|
{
|
|
"name": "cisco-csdwebinstaller-code-execution(57812)",
|
|
"refsource": "XF",
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57812"
|
|
},
|
|
{
|
|
"name": "1023881",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://securitytracker.com/id?1023881"
|
|
}
|
|
]
|
|
}
|
|
} |