Details of VAR-200808-0182

ID

VAR-200808-0182

CVE

CVE-2008-3558

TITLE

Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow

Trust: 0.8

sources: CERT/CC: VU#661827

DESCRIPTION

Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method. WebEx Meeting Manager is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'atucfobj.dll' ActiveX control library. Failed attacks will likely cause denial-of-service conditions. 'atucfobj.dll' 20.2008.2601.4928 is vulnerable; other versions may also be affected. The vulnerable versions of the ActiveX control are hosted by WebEx meeting service servers running WBS 23, 25, and 26 prior to 26.49.9.2838. WebEx is Cisco's web conferencing solution. WebEx Meeting Manager versions earlier than 20.2008.2606.4919 have a stack overflow vulnerability. The WebexUCFObject control in Atucfobj.dll does not properly validate input parameters to the NewObject() method. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Webex Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA31397 VERIFY ADVISORY: http://secunia.com/advisories/31397/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: WebEx Meeting Manager http://secunia.com/product/3003/ DESCRIPTION: Elazar Broad has discovered a vulnerability in Webex Meeting Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the WebexUCFObject ActiveX control (atucfobj.dll) when handling arguments passed to the "NewObject()" method. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 20.2008.2601.4928. SOLUTION: The vendor has reportedly fixed the vulnerability in version 20.2008.2606.4919. PROVIDED AND/OR DISCOVERED BY: Elazar Broad ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2008-3558 // CERT/CC: VU#661827 // JVNDB: JVNDB-2008-002516 // BID: 30578 // VULHUB: VHN-33683 // PACKETSTORM: 68892

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meeting manager	scope:	eq	version:	20.2008.2601.4928	Trust: 1.6
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	webex	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex meeting manager	scope:	lt	version:	26.49.9.2838	Trust: 0.8
vendor:	webex	model:	meeting manager 'atucfobj.dll'	scope:	eq	version:	20.2008.2601.4928	Trust: 0.3
vendor:	webex	model:	meeting manager 'atucfobj.dll'	scope:	ne	version:	20.2008.2606.4919	Trust: 0.3

sources: CERT/CC: VU#661827 // BID: 30578 // JVNDB: JVNDB-2008-002516 // CNNVD: CNNVD-200808-107 // NVD: CVE-2008-3558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3558
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#661827
value:	30.07
Trust: 0.8
NVD:	CVE-2008-3558
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200808-107
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-33683
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-3558
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-33683
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#661827 // VULHUB: VHN-33683 // JVNDB: JVNDB-2008-002516 // CNNVD: CNNVD-200808-107 // NVD: CVE-2008-3558

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-33683 // JVNDB: JVNDB-2008-002516 // NVD: CVE-2008-3558

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200808-107

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200808-107

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002516

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-33683

PATCH

title:

cisco-sa-20080814-webex

url:

http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2008-002516

EXTERNAL IDS

db:	CERT/CC	id:	VU#661827	Trust: 3.6
db:	SECUNIA	id:	31397	Trust: 3.4
db:	NVD	id:	CVE-2008-3558	Trust: 2.8
db:	BID	id:	30578	Trust: 2.8
db:	EXPLOIT-DB	id:	6220	Trust: 1.7
db:	VUPEN	id:	ADV-2008-2319	Trust: 1.7
db:	SECTRACK	id:	1020641	Trust: 1.7
db:	XF	id:	44250	Trust: 1.4
db:	JVNDB	id:	JVNDB-2008-002516	Trust: 0.8
db:	CISCO	id:	20080814 VULNERABILITY IN CISCO WEBEX MEETING MANAGER ACTIVEX CONTROL	Trust: 0.6
db:	MILW0RM	id:	6220	Trust: 0.6
db:	FULLDISC	id:	20080806 WEBEX ATUCFOBJ MODULE ACTIVEX CONTROL BUFFER OVERFLOW VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200808-107	Trust: 0.6
db:	EXPLOIT-DB	id:	16604	Trust: 0.1
db:	SEEBUG	id:	SSVID-71118	Trust: 0.1
db:	PACKETSTORM	id:	86895	Trust: 0.1
db:	VULHUB	id:	VHN-33683	Trust: 0.1
db:	PACKETSTORM	id:	68892	Trust: 0.1

sources: CERT/CC: VU#661827 // VULHUB: VHN-33683 // BID: 30578 // JVNDB: JVNDB-2008-002516 // PACKETSTORM: 68892 // CNNVD: CNNVD-200808-107 // NVD: CVE-2008-3558

REFERENCES

url:	http://www.kb.cert.org/vuls/id/661827	Trust: 2.8
url:	http://www.securityfocus.com/bid/30578	Trust: 2.5
url:	http://secunia.com/advisories/31397	Trust: 2.5
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2008-august/063692.html	Trust: 1.8
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00809e2006.shtml	Trust: 1.7
url:	http://www.securitytracker.com/id?1020641	Trust: 1.7
url:	http://xforce.iss.net/xforce/xfdb/44250	Trust: 1.4
url:	https://www.exploit-db.com/exploits/6220	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/2319	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44250	Trust: 1.1
url:	http://secunia.com/advisories/31397/	Trust: 0.9
url:	http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml	Trust: 0.8
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2008-august/063692.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3558	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3558	Trust: 0.8
url:	http://www.milw0rm.com/exploits/6220	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/2319	Trust: 0.6
url:	http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0084.html	Trust: 0.3
url:	http://support.webex.com/support/downloads.html	Trust: 0.3
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://www.webex.com/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/product/3003/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://corporate.secunia.com/about_secunia/64/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#661827 // VULHUB: VHN-33683 // BID: 30578 // JVNDB: JVNDB-2008-002516 // PACKETSTORM: 68892 // CNNVD: CNNVD-200808-107 // NVD: CVE-2008-3558

CREDITS

Elazar Broad※ elazarb@earthlink.net

Trust: 0.6

sources: CNNVD: CNNVD-200808-107

SOURCES

db:	CERT/CC	id:	VU#661827
db:	VULHUB	id:	VHN-33683
db:	BID	id:	30578
db:	JVNDB	id:	JVNDB-2008-002516
db:	PACKETSTORM	id:	68892
db:	CNNVD	id:	CNNVD-200808-107
db:	NVD	id:	CVE-2008-3558

LAST UPDATE DATE

2025-04-10T22:56:59.878000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#661827	date:	2008-08-15T00:00:00
db:	VULHUB	id:	VHN-33683	date:	2017-09-29T00:00:00
db:	BID	id:	30578	date:	2010-03-05T05:41:00
db:	JVNDB	id:	JVNDB-2008-002516	date:	2011-06-08T00:00:00
db:	CNNVD	id:	CNNVD-200808-107	date:	2009-03-18T00:00:00
db:	NVD	id:	CVE-2008-3558	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#661827	date:	2008-08-15T00:00:00
db:	VULHUB	id:	VHN-33683	date:	2008-08-08T00:00:00
db:	BID	id:	30578	date:	2008-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2008-002516	date:	2011-06-08T00:00:00
db:	PACKETSTORM	id:	68892	date:	2008-08-08T18:43:59
db:	CNNVD	id:	CNNVD-200808-107	date:	2008-08-08T00:00:00
db:	NVD	id:	CVE-2008-3558	date:	2008-08-08T19:41:00