Advisory Details

July 6th, 2006

WebEx Downloader Plug-in Code Execution Vulnerability

ZDI-06-021
ZDI-CAN-034

CVE ID CVE-2006-3423
CVSS SCORE
AFFECTED VENDORS WebEx Communications Inc.
AFFECTED PRODUCTS Web Conference ActiveX Control
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4274. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the WebEx Downloader Plug-in. Successful exploitation requires that the target user browse to a malicious web page.

The specific flaws exists due to the lack of input validation on various ActiveX/Java control parameters and configuration directives. The "GpcUrlRoot" and "GpcIniFileName" ActiveX/Java control parameters allow an attacker to specify the location of a configuration file containing further control directives. This allows an attacker to transfer arbitrary files and executables to the target. The attacker can then leverage available configuration directives to execute the newly created executables thereby compromising the underlying system.

ADDITIONAL DETAILS WebEx Communications Inc. has issued an update to correct this vulnerability. More details can be found at:
http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456
DISCLOSURE TIMELINE
  • 2006-04-11 - Vulnerability reported to vendor
  • 2006-07-06 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES