"The problem is located in a Cisco port forwarding ActiveX control -- distributed to client systems by ASA as part of the Clientless VPN feature -- that can be used to cause a buffer overflow," The H Security reports. "For an attack to be successful, a victim must first visit a specially crafted web page in Internet Explorer or another web browser that supports ActiveX technologies."
"The company has released software updates that address the issue; for those who can't yet upgrade, workarounds are provided in the Cisco security advisory," the article states.
Go to "Cisco closes holes in its Security Appliances" to read the details.