Added: 08/22/2008
CVE: CVE-2008-3558
BID: 30578
OSVDB: 47344
The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting.
A buffer overflow vulnerability in the **atucfobj.dll**
ActiveX control allows command execution when a user loads a web page which calls the **NewObject**
method with a specially crafted parameter.
Remove the WebEx Meeting Manager. A fixed version will be installed the next time a user starts or joins a meeting hosted by a WebEx server running a fixed software version.
<http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0084.html>
<http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml>
Exploit works on WebEx Meeting Manager 20.2008.2601.4928 and requires a user to load the exploit page in Internet Explorer.
Windows