Executive Summary
Field | Value
---|---
Title | Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow
Information | | |
---|---|---|---
Name | VU#661827 | First vendor publication | 2008-08-15
Vendor | VU-CERT | Last vendor modification | 2008-08-15
Severity (vendor) | N/A | Revision | M
Security-Database Scoring CVSS v3

CVSS vector: N/A | | |
---|---|---|---
Overall CVSS score | NA | |
Base score | NA | Environmental score | NA
Impact subscore | NA | Temporal score | NA
Exploitability subscore | NA | |
Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | | |
---|---|---|---
CVSS base score | 9.3 | Attack range | Network
CVSS impact score | 10 | Attack complexity | Medium
CVSS exploit score | 8.6 | Authentication | None required
Detail
Vulnerability Note VU#661827

Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow

Overview

The WebexUCFObject ActiveX control, which comes with Cisco WebEx Meeting Manager, contains a stack buffer overflow that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Cisco WebEx is an online meeting and collaboration software package. WebEx Meeting Manager is the client-side application used by the WebEx meeting service. WebEx Meeting Manager includes an ActiveX control called WebexUCFObject, which is provided by the file atucfobj.dll. The WebexUCFObject ActiveX control contains a stack buffer overflow in the NewObject() method.

Limited testing has indicated that not every version of the WebexUCFObject ActiveX control is marked as Safe For Scripting, which means that some versions of the control may not be exploitable using a default configuration of Internet Explorer. The Cisco Security Advisory indicates that WBS 23, WBS 25, and WBS 26 are vulnerable. The Cisco Security Advisory also indicates that WebEx meeting participants will automatically receive a fixed version of atucfobj.dll when they join a meeting on a server with fixed software. Version 26.49.9.2838 is the first fixed version for WBS 26 users.
```
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}]
"Compatibility Flags"=dword:00000400
```

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document.

Systems Affected
References
This vulnerability was publicly reported by Elazar Broad. This document was written by Will Dormann.
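The registry entry quoted above sets the kill bit (Compatibility Flags 0x400) for the WebexUCFObject CLSID. As an added example that is not part of the CERT note, the following PowerShell script applies that workaround and verifies it, ORing the bit into any flags already present rather than overwriting them; the Wow6432Node path is an assumption added for 32-bit Internet Explorer on 64-bit Windows and is not mentioned in the note.

```powershell
# Added example, not part of the CERT note: apply the kill-bit workaround
# quoted above for the WebexUCFObject control and verify it took effect.
# Run from an elevated PowerShell prompt.
$clsid   = '{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}'   # CLSID from the note
$killBit = 0x400   # Compatibility Flags bit that stops IE loading the control

$paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid")
if ([Environment]::Is64BitOperatingSystem) {
    # Assumption: 32-bit Internet Explorer on 64-bit Windows reads the
    # Wow6432Node view, so the kill bit has to be present there as well.
    $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
}

foreach ($path in $paths) {
    if (-not (Test-Path $path)) {
        New-Item -Path $path -Force | Out-Null
    }
    # Read any existing flags so other bits already set are preserved
    $existing = (Get-ItemProperty -Path $path -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $existing) { $existing = 0 }

    # OR the kill bit in instead of overwriting the whole value
    Set-ItemProperty -Path $path -Name 'Compatibility Flags' `
                     -Value ($existing -bor $killBit) -Type DWord

    # Verify: read the value back and confirm the bit is set
    $flags = (Get-ItemProperty -Path $path -Name 'Compatibility Flags').'Compatibility Flags'
    if (($flags -band $killBit) -eq $killBit) {
        Write-Output ("kill bit set: {0} (Compatibility Flags = 0x{1:X8})" -f $path, $flags)
    } else {
        Write-Warning ("kill bit NOT set at {0}" -f $path)
    }
}
```

The kill bit only prevents Internet Explorer from instantiating the control; it does not remove atucfobj.dll, so a fixed version (26.49.9.2838 or later for WBS 26) is still the actual remediation.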
Original Source

Url : http://www.kb.cert.org/vuls/id/661827
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration

Type | Description | Count
---|---|---
Application | | 1
SAINT Exploits
Description | Link |
---|---|
WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)

Id | Description
---|---
47344 | Cisco Webex Meeting Manager WebexUCFObject ActiveX (atucfobj.dll) NewObject()... A stack-based buffer overflow vulnerability exists in the sole parameter of the NewObject() method. By passing a string of 236 characters or longer, it is possible to overwrite the method's return pointer and thereby control the program's execution flow. This issue can be exploited by a context-dependent attacker to execute arbitrary code in the context of the user running the host application, typically Internet Explorer.
Snort® IPS/IDS

Date | Description | Rule ID | Revision | Type
---|---|---|---|---
2014-01-10 | Cisco WebEx Meeting Manager atucfobj ActiveX function call access | 27782 | 5 | BROWSER-PLUGINS
2014-01-10 | Cisco WebEx Meeting Manager atucfobj ActiveX clsid access | 27781 | 5 | BROWSER-PLUGINS
2014-01-10 | obfuscated instantiation of ActiveX object - likely malicious | 17571 | 9 | BROWSER-PLUGINS
2014-01-10 | WebEx Meeting Manager atucfobj ActiveX function call unicode access | 14016 | 6 | WEB-ACTIVEX
2014-01-10 | Cisco WebEx Meeting Manager atucfobj ActiveX function call access | 14015 | 13 | BROWSER-PLUGINS
2014-01-10 | WebEx Meeting Manager atucfobj ActiveX clsid unicode access | 14014 | 6 | WEB-ACTIVEX
2014-01-10 | Cisco WebEx Meeting Manager atucfobj ActiveX clsid access | 14013 | 14 | BROWSER-PLUGINS
Nessus® Vulnerability Scanner

Date | Name | File | Type
---|---|---|---
2008-08-11 | The remote Windows host has an ActiveX control that is affected by a buffer o... | webex_atucfobj_bof.nasl | ACT_GATHER_INFO
Alert History

Date | Information
---|---
2013-05-11 00:57:17 | 