Cisco ActiveX Control Vulnerability (Aug 8, 2008)


A flaw has been discovered in the Cisco Webex Meeting Manager ActiveX control. It creates an exploitable vulnerability that remote attackers may leverage.

The affected ActiveX control exposes a method called NewObject that takes a single string argument. During execution of this method, insufficient checks are performed on the argument value: the code does not verify or enforce a length limit on the passed string, which is simply copied into a fixed-size stack buffer regardless of its length. Passing a long string to the affected method therefore overwrites internal memory structures, which in turn may allow the application's control flow to be diverted.
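The unchecked copy the advisory describes, beside a bounded replacement, as an added C example that is not Cisco's or SonicWALL's code; the buffer size, the function names and the probe helper are constructed for illustration:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed buffer size for illustration; the control's real size is not in the advisory. */
#define ARG_BUF_SIZE 64

/* Vulnerable pattern from the advisory: the argument is copied into a fixed-size
 * stack buffer with no length check, so anything longer overruns the frame. */
int new_object_unchecked(const char *arg)
{
    char buf[ARG_BUF_SIZE];
    strcpy(buf, arg);                       /* unbounded copy */
    return (int)strlen(buf);
}

/* Hardened form: bound the length scan, refuse anything that does not fit with its
 * terminator, then copy exactly that many bytes. Returns accepted length or -1 on rejection. */
int new_object_checked(const char *arg)
{
    char buf[ARG_BUF_SIZE];
    size_t len;
    if (arg == NULL)
        return -1;
    for (len = 0; len < ARG_BUF_SIZE && arg[len] != '\0'; len++)
        ;                                   /* stops at the bound, never reads further */
    if (len >= ARG_BUF_SIZE)                /* no room for the NUL: reject */
        return -1;
    memcpy(buf, arg, len + 1);
    return (int)len;
}

/* Helper (constructed): build an argument of n 'A' bytes and run it through the checked path. */
int probe_length(size_t n)
{
    char *arg = malloc(n + 1);
    if (arg == NULL)
        return -2;
    memset(arg, 'A', n);
    arg[n] = '\0';
    int rc = new_object_checked(arg);
    free(arg);
    return rc;
}

int main(void)
{
    printf("accepted: %d, rejected: %d\n", new_object_checked("meeting"), probe_length(4096));
    return 0;
}
```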

SonicWALL has added signature 3418, Webex Meeting Manager (atucfobj.dll) ActiveX Control BO Attempt, which detects and prevents generic attack attempts leveraging this vulnerability. Exploits attacking this vulnerability are known to exist.
