CVE-2008-3558

Cisco WebEx Meeting Manager <20.2008.2606.4919 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16604

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Guido Landi · htmlremotewindows

https://www.exploit-db.com/exploits/6220

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Tobias Klein, Elazar Broad, Guido Landi, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/webex_ucf_newobject.rb

View Code ZIP pw:eip

References (9)

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html

[Vendor Advisory] http://secunia.com/advisories/31397

[Vendor Advisory] http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml

[US Government Resource] http://www.kb.cert.org/vuls/id/661827

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/2319

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30578

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6220

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44250

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020641

Scores

EPSS 0.7990

EPSS Percentile 99.1%

Details

CWE

CWE-119

Status published

Products (1)

cisco/webex_meeting_manager 20.2008.2601.4928

Published Aug 08, 2008

Tracked Since Feb 18, 2026