Parvez Anwar has discovered a vulnerability in the WebEx Meeting Manager WebexUCFObject ActiveX control, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the WebexUCFObject ActiveX control (atucfobj.dll) loading libraries (e.g. wbxtrace.dll) in an insecure manner. This can be exploited to load arbitrary libraries by e.g. embedding the ActiveX control into a Microsoft Word document and tricking a user into opening the document from a remote WebDAV or SMB share.
The vulnerability is confirmed in atucfobj.dll version 20.2009.2706.1025 included in the WebEx Meeting Manager ActiveX package. Other versions may also be affected.
Solution: The vendor has planned the rollout of an updated version for December 4th, 2010. Please contact the vendor for additional details.
Provided and/or discovered by: Parvez Anwar via Secunia
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: WebEx Meeting Manager WebexUCFObject ActiveX Control Insecure Library Loading
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.