This host is installed with Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls and is prone to multiple vulnerabilities.

Successful exploitation will let the remote attackers execute arbitrary code and can compromise a vulnerable system. Impact Level: System/Application

Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062) and Cisco Secure Desktop 3.6.6020 or later, http://www.cisco.com/ Workaround: Set the killbit for the following CLSIDs, {705ec6d4-b138-4079-a307-ef13e4889a82} {f8fc1530-0608-11df-2008-0800200c9a66} {e34f52fe-7769-46ce-8f8b-5e8abad2e9fc} {55963676-2f5e-4baf-ac28-cf26aa587566} {cc679cb8-dc4b-458b-b817-d447b3b6ac31} ***** NOTE: Ignore this warning, if upgraded to above mentioned versions. *****

Multiple flaws are due to, - An insufficient validation of input by the Cisco AnyConnect Secure Mobility Client WebLaunch component. - An improper sanitization of user-supplied input by the affected software's download feature.

Cisco Hostscan version 3.x before 3.0 MR8 Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057) Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows

• http://technet.microsoft.com/en-us/security/advisory/2736233
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
• http://tools.cisco.com/security/center/viewAlert.x?alertId=26196
• http://tools.cisco.com/security/center/viewAlert.x?alertId=26197
• http://tools.cisco.com/security/center/viewAlert.x?alertId=26198
• http://tools.cisco.com/security/center/viewAlert.x?alertId=26199

---

Updated on 2015-03-25