Vulnerability Details : CVE-2008-3558
Public exploit exists!
Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2008-3558
- cpe:2.3:a:cisco:webex_meeting_manager:20.2008.2601.4928:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3558
92.98%
Probability of exploitation activity in the next 30 days
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-3558
- WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
  Disclosure Date: 2008-08-06
  First seen: 2020-04-26
  exploit/windows/browser/webex_ucf_newobject
  This module exploits a stack-based buffer overflow in WebEx's WebexUCFObject ActiveX Control. If a long string is passed to the 'NewObject' method, a stack-based buffer overflow will occur when copying attacker-supplied data using the sprintf function. It
CVSS scores for CVE-2008-3558
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-3558
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3558
- http://www.securitytracker.com/id?1020641
- http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml
  Vulnerability in Cisco WebEx Meeting Manager ActiveX Control - Cisco
  Vendor Advisory
- https://www.exploit-db.com/exploits/6220
  Cisco WebEx Meeting Manager UCF - 'atucfobj.dll' ActiveX Remote Buffer Overflow - Windows remote Exploit
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html
- http://www.vupen.com/english/advisories/2008/2319
  Vendor Advisory
- http://www.kb.cert.org/vuls/id/661827
  US Government Resource
- http://www.securityfocus.com/bid/30578
  WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44250