Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability
Cisco Adaptive Security Appliance (ASA) 7.x, Cisco Adaptive Security Appliance (ASA) 8.x, Cisco ASA 5500 Series Adaptive Security Appliances
A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in the Clientless VPN ActiveX control (cscopf.ocx) and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
The vendor has issued a fix (7.2(5.7), 8.2(5.26), 8.4(3.8), 8.5(1.7), 8.6(1.1)).