Buffer Overflow Vulnerability Discovered in ActiveX Control of WebEx
A new security flaw of the buffer overflow has been found within an ActiveX Control that is actively used by Cisco WebEx Meeting Manager, a program for Cisco's clients that the company's WebEx meeting facility provides, reports security firm SecuObs.
Attackers exploiting this flaw could execute malware remotely on the end-user's system, says the security company. It further discloses that the flaw affects the atucfobj.dll library, but it does not affect any other Cisco product.
In general, Umesh Wanve, Research Engineer at Cloud SaaS (Security as a Service) provider Zscaler, said that security flaws in ActiveX affecting Cisco items were gaining momentum and had become the most widely used attack vector because they were rather easy to exploit, as reported by SCMagazine on May 19, 2009.
Wanve further said that ActiveX vulnerabilities were simple to exploit since a lot of information about them were available online such as details of the vulnerability, proof-of-concept exploits and so on. He added that there were various methods and properties for ActiveX controls which if incorrectly coded could be easily exploited.
Moreover, the security specialists say that for anyone who finds a flawed method or property within an ActiveX control, he could develop an exploit without any difficulty and put it up on the relevant Web server. In case the flawed control is labeled with the note "safe for scripting", it could be summoned and exploited through a malevolent website. As a result, over the recent years, a number of file overwrite and buffer overflow flaws have been found in ActiveX controls, several of them with exploit codes.
Notably, during August 2008, WebEx was similarly flawed that could have let an attacker run arbitrary code in case a user visited a malware serving Website. The flaw could also be exploited via HTML implanted in e-mails or delivered through IM i.e. instant messaging programs.
In the meantime, it is understood that Cisco's WebEx is upgrading the infrastructure of its 'meeting facility' with patched editions of the affected file.
Related article: Buffer Overflow Flaw Found in IBM’s Tivoli Storage
» SPAMfighter News - 23-05-2009