WebEx Downloader Plug-in Code Execution Vulnerability
ZDI-06-021: July 6th, 2006CVE ID
Affected Vendors
-
WebEx Communications Inc.
Affected Products
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4274. For further product information on the TippingPoint IPS:Vulnerability Details
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the WebEx Downloader Plug-in. Successful exploitation requires that the target user browse to a malicious web page.
The specific flaws exists due to the lack of input validation on various ActiveX/Java control parameters and configuration directives. The "GpcUrlRoot" and "GpcIniFileName" ActiveX/Java control parameters allow an attacker to specify the location of a configuration file containing further control directives. This allows an attacker to transfer arbitrary files and executables to the target. The attacker can then leverage available configuration directives to execute the newly created executables thereby compromising the underlying system.
Vendor Response
WebEx Communications Inc. has issued an update to correct this vulnerability. More details can be found at:Disclosure Timeline
-
2006-04-11 - Vulnerability reported to vendor
2006-07-06 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Anonymous
