Executive Summary

Informations
Name CVE-2008-3558 First vendor Publication 2008-08-08
Vendor Cve Last vendor Modification 2017-09-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3558

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

SAINT Exploits

Description Link
WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

Id Description
47344 Cisco Webex Meeting Manager WebexUCFObject ActiveX (atucfobj.dll) NewObject()...

A stack-based buffer overflow vulnerability exists in the sole parameter of the NewObject() method. By passing a string of 236 characters or longer, it is possible to overwrite the methods return pointer and thereby control the programs execution flow. This issue can be exploited by a context-dependent attacker to execute arbitrary code in the context of the user running the host application, typically Internet Explorer.

Snort® IPS/IDS

Date Description
2014-01-10 Cisco WebEx Meeting Manager atucfobj ActiveX function call access
RuleID : 27782 - Revision : 5 - Type : BROWSER-PLUGINS
2014-01-10 Cisco WebEx Meeting Manager atucfobj ActiveX clsid access
RuleID : 27781 - Revision : 5 - Type : BROWSER-PLUGINS
2014-01-10 obfuscated instantiation of ActiveX object - likely malicious
RuleID : 17571 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 WebEx Meeting Manager atucfobj ActiveX function call unicode access
RuleID : 14016 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Cisco WebEx Meeting Manager atucfobj ActiveX function call access
RuleID : 14015 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 WebEx Meeting Manager atucfobj ActiveX clsid unicode access
RuleID : 14014 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Cisco WebEx Meeting Manager atucfobj ActiveX clsid access
RuleID : 14013 - Revision : 14 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date Description
2008-08-11 Name : The remote Windows host has an ActiveX control that is affected by a buffer o...
File : webex_atucfobj_bof.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/30578
CERT-VN http://www.kb.cert.org/vuls/id/661827
CISCO http://www.cisco.com/en/US/products/products_security_advisory09186a00809e200...
EXPLOIT-DB https://www.exploit-db.com/exploits/6220
FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html
SECTRACK http://www.securitytracker.com/id?1020641
SECUNIA http://secunia.com/advisories/31397
VUPEN http://www.vupen.com/english/advisories/2008/2319
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/44250

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:07:53
  • Multiple Updates
2021-04-22 01:08:15
  • Multiple Updates
2020-05-23 13:16:51
  • Multiple Updates
2020-05-23 00:22:05
  • Multiple Updates
2017-09-29 09:23:40
  • Multiple Updates
2017-08-08 09:24:18
  • Multiple Updates
2016-04-26 17:43:14
  • Multiple Updates
2014-02-17 10:46:00
  • Multiple Updates
2014-01-19 21:25:09
  • Multiple Updates
2013-05-11 00:23:04
  • Multiple Updates