2 matches found
Cisco AnyConnect elevation of privileges via DLL side loading
------------------------------------------------------------------------ Cisco AnyConnect elevation of privileges via DLL side loading ------------------------------------------------------------------------ Yorick Koster, June 2015...
CVE-2015-6305
CVE-2015-6305 affects Cisco AnyConnect Secure Mobility Client for Windows (versions 2.0–4.1). The issue arises from untrusted search path handling in vpndownloader.exe’s CMainThread::launchDownloader, enabling a local attacker with valid credentials to plant a malicious DLL in the current working...