Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Cisco Releases Security Advisory On WebEx Client ActiveX Control
According to Cisco, the WebEx Meeting Manager client software includes atucfobj.dll, a DLL that allows meeting participants to view Unicode fonts. This library contains a buffer overflow vulnerability that could allow an attacker to execute arbitrary code on your system. Your WebEx provider must patch its servers in order for you to be protected. Read on to find out how to check.
1 Min Read
According to Cisco, the WebEx Meeting Manager client software includes atucfobj.dll, a DLL that allows meeting participants to view Unicode fonts. This library contains a buffer overflow vulnerability that could allow an attacker to execute arbitrary code on your system. Your WebEx provider must patch its servers in order for you to be protected. Read on to find out how to check.WebEx is a leading remote support platform for organizations worldwide, so this particular vulnerability is bound to impact lots of IT shops. In fact, I just discovered my very own Web provider is still vulnerable!
The most frustrating thing about this vulnerability is that you are at the mercy of your WebEx provider. That's because the WebEx provider's server automatically updates the WebEx client upon login to the latest version it has to distribute. And if the WebEx presenter is distributing a vulnerable client, you will be downgraded to a vulnerable client despite any attempt to upgrade to a nonvulnerable client.
Most WebEx presenters are on the WBS26 version of the software. Here's a quick snippet from the Cisco alert that will help you determine if you and your WebEx presenter are vulnerable.
"For the WBS 26 version:
About the Author
You May Also Like
More Insights
