PROBLEM:
Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability
PLATFORM:
Cisco Adaptive Security Appliance (ASA) 7.x, Cisco Adaptive Security Appliance (ASA) 8.x, Cisco ASA 5500 Series Adaptive Security Appliances
ABSTRACT:
A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.
REFERENCE LINKS:
Secunia Advisory SA48422
SecurityTracker Alert ID: 1026799
CVE-2012-0358
IMPACT ASSESSMENT:
High
Discussion:
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in the Clientless VPN ActiveX control (cscopf.ocx) and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued a fix (7.2(5.7), 8.2(5.26), 8.4(3.8), 8.5(1.7), 8.6(1.1)).