Intrusion Prevention

WebEx.ActiveX.Code.Execution

Description

This indicates a vulnerability in the WebEx ActiveX Control, which can be exploited by remote attackers to take complete control of an affected system.
The flaw is due to input validation errors when handling the "GpcUrlRoot" and "GpcIniFileName" parameters. It can be exploited by remote attackers to download and execute malicious components by tricking a user into visiting a specially crafted web page.

Affected Products

WebEx ActiveX Control versions prior to 2.1.0.0

Impact

System compromise.

Recommended Actions

Upgrade to version 2.1.0.0 :
http://www.webex.com/lp/security/page2.html

CVE References

CVE-2006-3423