what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

webex-overflow.txt

webex-overflow.txt
Posted Aug 6, 2008
Authored by Elazar Broad

The Webex Meeting Manager utilizes several ActiveX controls, one of which is vulnerable to a stack based buffer overflow. The atucfobj Module contains a single method called NewObject() who's only parameter is vulnerable to this issue.

tags | advisory, overflow, activex
SHA-256 | 59ed4c8c159f8391f384540b98af79d0c0a34c51e5561014af355d1b1ad355ad

webex-overflow.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who:
Webex
http://www.webex.com/

What:
Webex Meeting Manager
http://support.webex.com/support/downloads.html

How:
The Webex Meeting Manager utilizes several ActiveX controls, one of
which is vulnerable to a stack based buffer overflow. The atucfobj
Module contains a single method called NewObject() who's only
parameter is vulnerable to this issue.

This issue has been confirmed in version 20.2008.2601.4928, prior
versions are believed to vulnerable as well.

atucfobj.dll version 20.2008.2601.4928
{32E26FD9-F435-4A20-A561-35D4B987CFDC}

Fix:
The vendor has released version 20.2008.2606.4919 of this control,
which fixes this issue. The control should be updated when the user
joins a meeting.

Workaround:
Set the killbit for the affected control. See
http://support.microsoft.com/kb/240797

Credit:
When I reported this issue to the vendor, they had stated that they
were aware of it, but would not say whether it was the result of an
internal audit or an independent researcher.

Timeline:
06/20/2008 -> Issue reported to the vendor
06/21/2008 <- Vendor responds asking for further details
06/22/2008 -> Details sent with PoC
06/25/2008 <- Vendor responds stating that they are aware of this
issue
08/06/2008 - Disclosure

Elazar

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAkiZ3PAACgkQi04xwClgpZiyOgP8CM9oC+m3tr5TBU6ZbvacAcq/SqXu
zIUjqfGWz/GNaRRXISzPLrp7aYwepxXL/uxp+zmHR+h0phGOf2FoLmuBY1g3WULmaFu1
oQbGbVfNuS21qH/YvC9mWuOFSeoYOogsyKDGX1Iha6jNDsj5+JlbAIsqk9xwyb021eTm
BpGN3W8=
=tQOJ
-----END PGP SIGNATURE-----

--
Hotel pics, info and virtual tours. Click here to book a hotel online.
http://tagline.hushmail.com/fc/Ioyw6h4eRCkjWyUGURkqKkn8TNo5LNJlfxlxQ4nlv0rtj3ey80N9EU/

Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close