SAINT Corporation, SAINT:F11A37ED446005389B16F32D483CD7E3
Aug 22, 2008 - 12:00 a.m.

WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow

2008-08-22 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.925 High
Percentile: 99.0%

Added: 08/22/2008
CVE: CVE-2008-3558
BID: 30578
OSVDB: 47344

Background

The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting.

Problem

A buffer overflow vulnerability in the **atucfobj.dll** ActiveX control allows command execution when a user loads a web page which calls the **NewObject** method with a specially crafted parameter.

Resolution

Remove the WebEx Meeting Manager. A fixed version will be installed the next time a user starts or joins a meeting hosted by a WebEx server running a fixed software version.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0084.html>
<http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml>

Limitations

Exploit works on WebEx Meeting Manager 20.2008.2601.4928 and requires a user to load the exploit page in Internet Explorer.
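
To confirm whether the removal described under Resolution has taken effect on a host, the following read-only inventory check can be used; it is an added example, not code from SAINT or Cisco. It assumes the control is registered as an in-process COM server and that the DLL's file version tracks the Meeting Manager version quoted under Limitations; the function and variable names are illustrative.

```powershell
# Added example (read-only): list COM registrations that load atucfobj.dll.
$dllName     = 'atucfobj.dll'        # control named in this advisory
$exploitable = '20.2008.2601.4928'   # version quoted under Limitations

# ActiveX controls register under Classes\CLSID, machine-wide or per user;
# on 64-bit Windows, 32-bit controls sit under WOW6432Node.
$roots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Find-ControlRegistration {
    param([string[]]$Roots, [string]$DllName, [string]$KnownExploitable)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($clsid in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # Some keys are not readable by the current user; skip those.
            try { $server = $clsid.OpenSubKey('InprocServer32') } catch { continue }
            if ($null -eq $server) { continue }
            $path = [string]$server.GetValue('')   # default value holds the DLL path
            $server.Close()
            if ($path -notlike "*$DllName*") { continue }
            $path = [Environment]::ExpandEnvironmentVariables($path.Trim('"'))
            $version = $null
            if (Test-Path -LiteralPath $path) {
                $vi = (Get-Item -LiteralPath $path).VersionInfo
                # Build the version from numeric parts; the FileVersion string
                # may use commas or spaces instead of dots.
                $version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                                $vi.FileBuildPart, $vi.FilePrivatePart
            }
            [pscustomobject]@{
                Clsid                   = $clsid.PSChildName
                Path                    = $path
                FileVersion             = $version   # $null: registered, file missing
                MatchesKnownExploitable = ($version -eq $KnownExploitable)
            }
        }
    }
}

Find-ControlRegistration -Roots $roots -DllName $dllName -KnownExploitable $exploitable |
    Format-Table -AutoSize
```

An empty result means no registration for the control was found in the hives searched. A `False` in the last column only means the version differs from the one listed under Limitations, not that the installed version is fixed.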

Platforms

Windows
