WebEx ActiveX Bug Found, Fixed

A security company uncovered the remotely exploitable vulnerability in an ActiveX control used with Microsoft's Internet Explorer.

July 6, 2006

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Online collaboration service provider WebEx released a fix for its flagship software Thursday after a security company uncovered a remotely exploitable vulnerability in an ActiveX control used with Microsoft's Internet Explorer.

Atlanta-based Internet Security Systems (ISS) discovered the bug in the ActiveX-based IE plug-in, which is used to install the WebEx client program on users' machines before they attend an online meeting. According to ISS, the WebEx control didn't verify the validity of the to-be-downloaded components, making it possible for an attacker to create a bogus site and download malicious code to users' PCs rather than the real WebEx software.

WebEx said that it's about 95 percent finished with a client update to customers' Web sites, and that end users will be updated automatically when they next use the service.

"The remaining customer sites are expected to be updated shortly," the Santa Clara, Calif.-based company said in a statement.

Users can also manually download the update using the link on the online advisory WebEx has posted to its support site.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights