WebEx Downloader ActiveX Control Command Injection

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that allows for
arbitrary code execution.

Description :

The remote Windows host contains the WebEx Downloader ActiveX control,
which is used when attending or hosting a meeting using WebEx, a
sharing and conferencing application for Windows.

The version of this ActiveX control on the remote host reportedly
allows an attacker to deliver arbitrary components to the affected
host, which could later be executed subject to the privileges of the
current user.

See also :

http://xforce.iss.net/xforce/alerts/id/226
http://www.zerodayinitiative.com/advisories/ZDI-06-021.html
http://www.nessus.org/u?117b1e78

Solution :

Upgrade to WebEx Downloader plugin 2.1.0.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 22047

Bugtraq ID: 18860

CVE ID: CVE-2006-3423
