Cisco fixes its conferencing software
Cisco has announced an update to fix a bug in the ActiveX control of its WebEx Meeting Manager that could lead to a buffer overflow. The network specialist acknowledged that an attacker could exploit the vulnerability to execute arbitrary code. The bug is in the Control WebexUCFObject, ClassID {32E26FD9-F435-4A20-A561-35D4B987CFDC}
in the DLL atucfobj.dll8
. Cisco says that the problem affects versions WBS 23, WBS 25, and WBS 26. The WBS 26 server has already been updated and anyone connecting to an updated server will automatically receive an updated version of the client software. Cisco says that WBS 25 will also be updated by the end of September and WBS23 will be transitioned to WBS26 in the same time frame.
See also:
- Vulnerability in Cisco WebEx Meeting Manager ActiveX Control, Cisco Security Advisory
- Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow, US-CERT vulnerability note
(djwm)