iDefense Security Advisory 11.08.06 – Local exploitation of an insecure permissions vulnerability in Cisco Systems Secure Desktop product could allow privilege escalation attacks to be conducted by local users. When Cisco Secure Desktop Web VPN product is installed on a NTFS formatted drive, permissions are set on all files to grant full control to all users. Certain files run as a system service and can be easily replaced. iDefense has confirmed this vulnerability exists on Cisco Secure Desktop version 3.1.1.27. Previous versions are suspected to be vulnerable.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/51802/11.08.06-2.txt
Source: https://packetstormsecurity.com/files/51802/iDEFENSE-Security-Advisory-2006-11-08.2.html