WebEx Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow

high Nessus Plugin ID 33859

Synopsis

The remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.

Description

The atucfobj module of the WebexUCFObject ActiveX control, used by WebEx Meeting Manager and installed on the remote host, reportedly contains a stack-based buffer overflow in its 'NewObject()' method.
If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, this method could be used to execute arbitrary code on the affected system, subject to the user's privileges.

Solution

One solution is to confirm that the WebEx Meeting Service is running a fixed version of the software based on the instructions in Cisco's advisory, join a meeting or manually update the Meeting Manager client, and ensure that version 20.2008.2606.4919 of the control itself is installed.

Another is to remove the software as described in Cisco's advisory.

A third is to set the control's kill bit, again, as described in Cisco's advisory.

See Also

https://seclists.org/fulldisclosure/2008/Aug/83

http://www.nessus.org/u?bbc052fb

https://seclists.org/fulldisclosure/2008/Aug/322

Plugin Details

Severity: High

ID: 33859

File Name: webex_atucfobj_bof.nasl

Version: 1.20

Type: local

Agent: windows

Family: Windows

Published: 8/11/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Metasploit (WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow)

Reference Information

CVE: CVE-2008-3558

BID: 30578

CWE: 119

Secunia: 31397