SAINT Corporation, SAINT:6BFA49558B975C0A10DCE2CF2C0795EB
Aug 22, 2008 - 12:00 a.m.

WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow

download.saintcorporation.com

EPSS: 0.925 (High), Percentile: 99.0%

Added: 08/22/2008
CVE: CVE-2008-3558
BID: 30578
OSVDB: 47344

Background

The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting.

Problem

A buffer overflow vulnerability in the **atucfobj.dll** ActiveX control allows command execution when a user loads a web page which calls the **NewObject** method with a specially crafted parameter.

Resolution

Remove the WebEx Meeting Manager. A fixed version will be installed the next time a user starts or joins a meeting hosted by a WebEx server running a fixed software version.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0084.html>
<http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml>

Limitations

Exploit works on WebEx Meeting Manager 20.2008.2601.4928 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
