This Metasploit module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files it will be stored in a temporary directory and executed.
ef1996fa8324f29a9b671331d440a114bd14ca14534139ba1cdb0b9541a1ba33
iDefense Security Advisory 06.01.11 - Remote exploitation of a design error within Cisco Systems Inc's AnyConnect VPN client allows attackers to execute arbitrary code with the privileges of a user running Internet Explorer. Cisco AnyConnect VPN client versions prior to 2.3.185 for Windows, 2.5.3041 and 3.0.629 for Linux and Apple Mac OS X are vulnerable.
96607ad5bdb47410c34ae00de556f9b206fa53b2e1d72debfc2be9cac1c836fd
Cisco Security Advisory - The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by arbitrary program execution and local privilege escalation vulnerabilities. There are no workarounds for the vulnerabilities described in this advisory.
b6f62c24ad600052d82c60490ef64ffb9b47d1a6b4fbb76139a5453a3b92aadf