Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
secunia.com/advisories/26459
securityreason.com/securityalert/3023
securitytracker.com/id?1018573
www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml
www.securityfocus.com/archive/1/476812/100/0/threaded
www.securityfocus.com/bid/25332
www.vupen.com/english/advisories/2007/2903
exchange.xforce.ibmcloud.com/vulnerabilities/36032