Summary
This host is installed with Cisco Adaptive Security Appliance and is prone to activeX control remote code execution vulnerability.
Impact
Successful exploitation will let the attacker execute arbitrary codes on the affected machine.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://support.microsoft.com/kb/2695962
Insight
The flaw is due to Cisco Adaptive Security Appliances (Cisco ASA), uses an ActiveX control on client systems to perform port forwarding operations. Microsoft ActiveX technology may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution.
Affected
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior Microsoft Windows XP Service Pack 2 and prior for x64-based Systems Microsoft Windows Server 2008 R2 Service Pack 1 and prior for x64-based Systems
References
Severity
Classification
-
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)