WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BID:30578
Info
| Field | Value |
|---|---|
| Bugtraq ID: | 30578 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2008-2737, CVE-2008-3558 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 06 2008 12:00AM |
| Updated: | Mar 05 2010 05:41AM |
| Credit: | Elazar Broad |
| Vulnerable: | WebEx Meeting Manager 'atucfobj.dll' 20.2008.2601.4928 |
| Not Vulnerable: | WebEx Meeting Manager 'atucfobj.dll' 20.2008.2606.4919 |
Discussion
WebEx Meeting Manager is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'atucfobj.dll' ActiveX control library.
An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
'atucfobj.dll' 20.2008.2601.4928 is vulnerable; other versions may also be affected.
The vulnerable versions of the ActiveX control are hosted by WebEx meeting service servers running WBS 23, 25, and 26 prior to 26.49.9.2838.
Exploit / POC
The following exploits are available:
NOTE: On August 22, 2008, Symantec observed active, in-the-wild exploits of this issue.
Solution / Fix
Solution:
The vendor has released an advisory and fixes to address this issue. Fixes are distributed automatically to customers who join a WebEx meeting hosted by a server running the fixed software.
Please note that manual upgrades are also possible. See the workaround section of the vendor advisory for details.
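As an added defender-side check (example code, not part of this advisory or of the vendor's fix), the PowerShell below finds installed copies of atucfobj.dll, compares each file version with the vulnerable and fixed builds named above, and reports whether the Internet Explorer kill bit described in Microsoft KB 240797 is set for the control. The search roots are an assumption, and the CLSID is a placeholder because this page does not give it; take the real value from the vendor advisory or US-CERT VU#661827.

```powershell
# Added example, not from the advisory or the vendor. Inventories atucfobj.dll,
# compares its file version with the builds named in BID 30578, and checks the
# IE kill bit (KB 240797). ASSUMPTIONS: the search roots below are where WebEx
# drops the control; $Clsid is a PLACEHOLDER, not the control's real CLSID.
$VulnerableBuild = [version]'20.2008.2601.4928'   # listed as vulnerable
$FixedBuild      = [version]'20.2008.2606.4919'   # listed as not vulnerable
$Clsid = '{00000000-0000-0000-0000-000000000000}' # PLACEHOLDER CLSID

function Get-AtucfobjStatus {
    # Returns one object per copy of atucfobj.dll found under the search roots.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA, $env:APPDATA) |
        Where-Object { $_ -and (Test-Path $_) }
    foreach ($dll in Get-ChildItem -Path $roots -Recurse -Filter 'atucfobj.dll' -ErrorAction SilentlyContinue) {
        $fi = $dll.VersionInfo
        $v  = [version]::new($fi.FileMajorPart, $fi.FileMinorPart, $fi.FileBuildPart, $fi.FilePrivatePart)
        # The advisory confirms only 20.2008.2601.4928 but says other versions may be
        # affected, so anything older than the fixed build is flagged for update.
        if     ($v -ge $FixedBuild)      { $status = 'fixed' }
        elseif ($v -eq $VulnerableBuild) { $status = 'VULNERABLE (confirmed build)' }
        else                             { $status = 'older than fixed build, treat as affected' }
        [pscustomobject]@{ Path = $dll.FullName; Version = $v; Status = $status }
    }
}

function Test-KillBit {
    # Kill bit = flag 0x400 in "Compatibility Flags" under the control's CLSID in
    # the ActiveX Compatibility key (KB 240797). Missing value means not set.
    param([string]$ClassId = $Clsid)
    $key   = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$ClassId"
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return [bool]($flags -band 0x400)
}

Get-AtucfobjStatus | Format-Table -AutoSize
if (Test-KillBit) { 'Kill bit set for {0}: IE will not instantiate the control' -f $Clsid }
else              { 'Kill bit NOT set for {0}: apply the vendor fix or set the kill bit' -f $Clsid }
```

On 64-bit Windows the 32-bit Internet Explorer reads the same key under `SOFTWARE\Wow6432Node`, so check both hives if the control is 32-bit.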
References
References:
- [Full-disclosure] Webex atucfobj Module ActiveX Control Buffer Overflow Vulnerab (Elazar Broad (elazarhushmail.com))
- Downloads Page (WebEx)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Vendor Homepage (WebEx)
- VU#661827 - Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buf (US-CERT)