According to Cisco, the WebEx Meeting Manager client software includes atucfobj.dll, a DLL that allows meeting participants to view Unicode fonts. This library contains a buffer overflow vulnerability that could allow an attacker to execute arbitrary code on your system. Your WebEx provider must patch its servers in order for you to be protected. Read on to find out how to check.

Randy George, Director, IT Operations, Boston Red Sox

August 15, 2008

1 Min Read

According to Cisco, the WebEx Meeting Manager client software includes atucfobj.dll, a DLL that allows meeting participants to view Unicode fonts. This library contains a buffer overflow vulnerability that could allow an attacker to execute arbitrary code on your system. Your WebEx provider must patch its servers in order for you to be protected. Read on to find out how to check.WebEx is a leading remote support platform for organizations worldwide, so this particular vulnerability is bound to impact lots of IT shops. In fact, I just discovered my very own Web provider is still vulnerable!

The most frustrating thing about this vulnerability is that you are at the mercy of your WebEx provider. That's because the WebEx provider's server automatically updates the WebEx client upon login to the latest version it has to distribute. And if the WebEx presenter is distributing a vulnerable client, you will be downgraded to a vulnerable client despite any attempt to upgrade to a nonvulnerable client.

Most WebEx presenters are on the WBS26 version of the software. Here's a quick snippet from the Cisco alert that will help you determine if you and your WebEx presenter are vulnerable.

"For the WBS 26 version:

About the Author(s)

Randy George

Randy George

Director, IT Operations, Boston Red Sox

Randy George has covered a wide range of network infrastructure and information security topics in his 4 years as a regular InformationWeek and Network Computing contributor. He has 13 years of experience in enterprise IT, and has spent the last 8 years working as a senior-level systems analyst and network engineer in the professional sports industry. Randy holds various professional certifications from Microsoft, Cisco and Check Point, a BS in computer engineering from Wentworth Institute of Technology and an MBA from the University of Massachusetts Isenberg School of Management.

See more from Randy George
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Mitre company logo
Cyberattacks & Data Breaches
Top MITRE ATT&CK Techniques and How to Defend Against ThemTop MITRE ATT&CK Techniques and How to Defend Against Them
byNate Nelson, Contributing Writer
Apr 10, 2024
4 Min Read
A medical professional wearing scrub attire clicking on a screen in front of her
Cyberattacks & Data Breaches
Round 2: Change Healthcare Targeted in Second Ransomware AttackRound 2: Change Healthcare Targeted in Second Ransomware Attack
byDark Reading Staff
Apr 8, 2024
2 Min Read
A magnifying glass being held up in front of the apple logo
Vulnerabilities & Threats
Apple Warns Users in 150 Countries of Mercenary Spyware AttacksApple Warns Users Targeted by Mercenary Spyware
byDark Reading Staff
Apr 11, 2024
1 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events