

   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2008-133
Webex Meeting Manager ActiveX Control Buffer Overflow Vulnerability

Original Issue Date: August 20, 2008

Severity Rating: High

Systems Affected

  • Cisco WebEx Meeting Manager versions prior to 26.49.9.2838

Overview

A stack-based buffer overflow vulnerability has been reported in the “WebexUCFObject” ActiveX control of Cisco WebEx Meeting Manager, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Cisco WebEx Meeting Manager is an online meeting and collaboration software package. WebEx Meeting Manager is the client-side application that is used by the WebEx meeting service. The WebEx meeting service installs several components of the WebEx Meeting Manager browser plugin on the meeting participant's system.

WebEx Meeting Manager includes atucfobj.dll, a DLL that allows meeting participants to view Universal Communication Format (UCF) contents. The vulnerability is due to insufficient boundary checking in the WebexUCFObject ActiveX control (atucfobj.dll). The vulnerable control fails to properly check bounds when handling overly long arguments that are passed to the “NewObject()” method.

An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious website that is designed to pass malicious input to the vulnerable method of the affected ActiveX control. An exploit could allow the attacker to cause the user's browser to crash, resulting in a DoS condition, or to execute arbitrary code with the privileges of the user.

Workarounds

  • Disable the WebexUCFObject ActiveX control in Internet Explorer by setting the kill bit for the following CLSID:
    32E26FD9-F435-4A20-A561-35D4B987CFDC
  • Disable ActiveX controls in the Internet Zone, if possible
  • Exercise caution while opening e-mail from untrusted sources
  • Do not follow unsolicited links and verify the authenticity of an unexpected link from a trusted source prior to following it
  • Run applications with the lowest necessary privileges
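The first workaround above can be applied and verified from an elevated PowerShell prompt. The script below is an added example, not part of this note or of Cisco's guidance; it follows the standard Internet Explorer kill-bit procedure (Compatibility Flags = 0x400 under the ActiveX Compatibility key, as documented by Microsoft) and assumes the CLSID from this note.

```powershell
# Added example: set and verify the IE kill bit for the WebexUCFObject
# control. The CLSID is taken from this advisory; the registry layout is
# the documented Microsoft kill-bit mechanism (Compatibility Flags 0x400).
# Run from an elevated PowerShell prompt.

$Clsid   = '{32E26FD9-F435-4A20-A561-35D4B987CFDC}'
$KillBit = 0x400

# Native view, plus the 32-bit (Wow6432Node) view on 64-bit Windows so a
# 32-bit IE process is blocked as well.
$Paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if ([Environment]::Is64BitOperatingSystem) {
    $Paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Set-KillBit {
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    # Preserve any flags already present and OR in the kill bit.
    $current = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
        -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = [int]($current -bor $KillBit)
    New-ItemProperty -Path $Path -Name 'Compatibility Flags' -Value $new `
        -PropertyType DWord -Force | Out-Null
}

function Test-KillBit {
    # Returns $true only if the 0x400 bit is set for the control.
    param([string]$Path)
    $value = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
        -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (($value -band $KillBit) -eq $KillBit)
}

foreach ($p in $Paths) {
    Set-KillBit -Path $p
    if (Test-KillBit -Path $p) {
        Write-Output "Kill bit set: $p"
    } else {
        Write-Warning "Kill bit NOT set: $p"
    }
}
```

The kill bit only stops Internet Explorer from instantiating the control; it does not remove atucfobj.dll, so the vendor upgrade in the Solution section is still required.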

Solution

Apply appropriate software upgrades as mentioned in the Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=16425

References

US-CERT
http://www.kb.cert.org/vuls/id/661827

Secunia
http://secunia.com/advisories/31397/

SecurityFocus
http://www.securityfocus.com/bid/30578

FrSIRT
http://www.frsirt.com/english/advisories/2008/2319

SecurityTracker
http://securitytracker.com/alerts/2008/Aug/1020641.html


CVE Name
CVE-2008-3558
CVE-2008-2737

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003