|
Family: Windows --> Category: infos
WebEx Downloader ActiveX Control Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks version of the WebEx Downloader ActiveX control
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host has an ActiveX control that allows for
arbitrary code execution.
Description :
The Windows remote host contains the WebEx Downloader ActiveX control,
which is used when attending or hosting a meeting using WebEx, a
sharing and conferencing application for Windows.
The version of this ActiveX control on the remote host reportedly
allows a possible hacker to deliver arbitrary components to the affected
host, which could later be executed subject to the rights of the
current user.
See also :
http://xforce.iss.net/xforce/alerts/id/226
http://www.zerodayinitiative.com/advisories/ZDI-06-021.html
http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456
Solution :
Upgrade to WebEx Downloader test 2.1.0.0 or later.
Threat Level:
Medium / CVSS Base Score : 4.7
(AV:R/AC:L/Au:NR/C:P/I:P/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|