Cisco ActiveX Control Vulnerability

August 11, 2008

A flaw has been discovered in the Cisco Webex Meeting Manager ActiveX control. The flaw creates an exploitable vulnerability that may be leveraged by remote attackers.

The affected ActiveX control exposes one method called NewObject, which takes one single string argument. During the execution of this method, insufficient internal checks are performed on the argument value. The code does not correctly verify and enforce a length limit on the passed string value. The string is simply copied into a fixed size stack buffer regardless of its size. This lack of verification allows a long string to be passed to the affected function thereby overwriting internal memory structures which in turn may allow to divert process flow of the application.

SonicWALL has added a signature 3418 Webex Meeting Manager (atucfobj.dll) ActiveX Control BO Attempt that will detect and prevent generic attack attempts leveraging this vulnerability. Exploits attacking this vulnerability are known to exist.