WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow

Added: 08/22/2008
CVE: CVE-2008-3558
BID: 30578
OSVDB: 47344

Background

The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting.

Problem

A buffer overflow vulnerability in the atucfobj.dll ActiveX control allows command execution when a user loads a web page that calls the control's NewObject method with a specially crafted parameter.

Resolution

Remove the WebEx Meeting Manager. A fixed version will be installed the next time a user starts or joins a meeting hosted by a WebEx server running a fixed software version.

References

http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0084.html
http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml

Limitations

The exploit works on WebEx Meeting Manager 20.2008.2601.4928 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
