Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

WebEx ActiveX Bug Found, Fixed

Online collaboration service provider WebEx released a fix for its flagship software Thursday after a security company uncovered a remotely exploitable vulnerability in an ActiveX control used with Microsoft's Internet Explorer.

Atlanta-based Internet Security Systems (ISS) discovered the bug in the ActiveX-based IE plug-in, which is used to install the WebEx client program on users' machines before they attend an online meeting. According to ISS, the WebEx control didn't verify the validity of the to-be-downloaded components, making it possible for an attacker to create a bogus site and download malicious code to users' PCs rather than the real WebEx software.

WebEx said that it's about 95 percent finished with a client update to customers' Web sites, and that end users will be updated automatically when they next use the service.

"The remaining customer sites are expected to be updated shortly," the Santa Clara, Calif.-based company said in a statement.

Users can also manually download the update using the link on the online advisory WebEx has posted to its support site.