cvelistv5 - CVE-2008-3558

CVE-2008-3558 (GCVE-0-2008-3558)

Vulnerability from cvelistv5 – Published: 2008-08-08 19:00 – Updated: 2024-08-07 09:45

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.exploit-db.com/exploits/6220	exploitx_refsource_EXPLOIT-DB
	http://www.kb.cert.org/vuls/id/661827	third-party-advisoryx_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/30578	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2008/2319	vdb-entryx_refsource_VUPEN
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.securitytracker.com/id?1020641	vdb-entryx_refsource_SECTRACK
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://secunia.com/advisories/31397	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:18.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "6220",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6220"
          },
          {
            "name": "VU#661827",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/661827"
          },
          {
            "name": "webex-webexucfobject-bo(44250)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
          },
          {
            "name": "30578",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30578"
          },
          {
            "name": "ADV-2008-2319",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2319"
          },
          {
            "name": "20080806 Webex atucfobj Module ActiveX Control Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html"
          },
          {
            "name": "1020641",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020641"
          },
          {
            "name": "20080814 Vulnerability in Cisco WebEx Meeting Manager ActiveX Control",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml"
          },
          {
            "name": "31397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "6220",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6220"
        },
        {
          "name": "VU#661827",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/661827"
        },
        {
          "name": "webex-webexucfobject-bo(44250)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
        },
        {
          "name": "30578",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30578"
        },
        {
          "name": "ADV-2008-2319",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2319"
        },
        {
          "name": "20080806 Webex atucfobj Module ActiveX Control Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html"
        },
        {
          "name": "1020641",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020641"
        },
        {
          "name": "20080814 Vulnerability in Cisco WebEx Meeting Manager ActiveX Control",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml"
        },
        {
          "name": "31397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31397"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "6220",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6220"
            },
            {
              "name": "VU#661827",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/661827"
            },
            {
              "name": "webex-webexucfobject-bo(44250)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
            },
            {
              "name": "30578",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30578"
            },
            {
              "name": "ADV-2008-2319",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2319"
            },
            {
              "name": "20080806 Webex atucfobj Module ActiveX Control Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html"
            },
            {
              "name": "1020641",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020641"
            },
            {
              "name": "20080814 Vulnerability in Cisco WebEx Meeting Manager ActiveX Control",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml"
            },
            {
              "name": "31397",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31397"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3558",
    "datePublished": "2008-08-08T19:00:00",
    "dateReserved": "2008-08-08T00:00:00",
    "dateUpdated": "2024-08-07T09:45:18.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_meeting_manager:20.2008.2601.4928:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A52FBB07-48ED-417C-B574-BDF6F67ADD0E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en la regi\\u00f3n stack de la memoria en el control ActiveX de WebexUCFObject en la biblioteca atucfobj.dll en Cisco WebEx Meeting Managern anterior a versi\\u00f3n 20.2008.2606.4919, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de un argumento largo en el m\\u00e9todo NewObject.\"}]",
      "id": "CVE-2008-3558",
      "lastModified": "2024-11-21T00:49:32.270",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-08-08T19:41:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31397\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/661827\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/30578\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1020641\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2319\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/44250\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/6220\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31397\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/661827\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/30578\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1020641\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2319\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/44250\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/6220\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3558\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-08-08T19:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el control ActiveX de WebexUCFObject en la biblioteca atucfobj.dll en Cisco WebEx Meeting Managern anterior a versi\u00f3n 20.2008.2606.4919, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un argumento largo en el m\u00e9todo NewObject.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_meeting_manager:20.2008.2601.4928:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52FBB07-48ED-417C-B574-BDF6F67ADD0E\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31397\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/661827\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/30578\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020641\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2319\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44250\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/6220\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/661827\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/30578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44250\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/6220\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-G6X7-M6FM-69FG

Vulnerability from github – Published: 2022-05-02 00:01 – Updated: 2022-05-02 00:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3558"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-08T19:41:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.",
  "id": "GHSA-g6x7-m6fm-69fg",
  "modified": "2022-05-02T00:01:19Z",
  "published": "2022-05-02T00:01:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3558"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/6220"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31397"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/661827"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30578"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020641"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2319"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-3558

Vulnerability from fkie_nvd - Published: 2008-08-08 19:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html
cve@mitre.org	http://secunia.com/advisories/31397	Vendor Advisory
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/661827	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/30578
cve@mitre.org	http://www.securitytracker.com/id?1020641
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2319	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44250
cve@mitre.org	https://www.exploit-db.com/exploits/6220
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31397	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/661827	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30578
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020641
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2319	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44250
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/6220

Impacted products

	Vendor	Product	Version
	cisco	webex_meeting_manager	20.2008.2601.4928

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_manager:20.2008.2601.4928:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52FBB07-48ED-417C-B574-BDF6F67ADD0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el control ActiveX de WebexUCFObject en la biblioteca atucfobj.dll en Cisco WebEx Meeting Managern anterior a versi\u00f3n 20.2008.2606.4919, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un argumento largo en el m\u00e9todo NewObject."
    }
  ],
  "id": "CVE-2008-3558",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-08T19:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31397"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/661827"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30578"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020641"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2319"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/661827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6220"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-3558

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3558

Aliases

CVE-2008-3558

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3558",
    "description": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.",
    "id": "GSD-2008-3558",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2008-3558"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3558"
      ],
      "details": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.",
      "id": "GSD-2008-3558",
      "modified": "2023-12-13T01:23:05.135968Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3558",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "6220",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/6220"
          },
          {
            "name": "VU#661827",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/661827"
          },
          {
            "name": "webex-webexucfobject-bo(44250)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
          },
          {
            "name": "30578",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30578"
          },
          {
            "name": "ADV-2008-2319",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2319"
          },
          {
            "name": "20080806 Webex atucfobj Module ActiveX Control Buffer Overflow Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html"
          },
          {
            "name": "1020641",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020641"
          },
          {
            "name": "20080814 Vulnerability in Cisco WebEx Meeting Manager ActiveX Control",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml"
          },
          {
            "name": "31397",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31397"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_manager:20.2008.2601.4928:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3558"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080806 Webex atucfobj Module ActiveX Control Buffer Overflow Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html"
            },
            {
              "name": "30578",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/30578"
            },
            {
              "name": "31397",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31397"
            },
            {
              "name": "1020641",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020641"
            },
            {
              "name": "VU#661827",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/661827"
            },
            {
              "name": "20080814 Vulnerability in Cisco WebEx Meeting Manager ActiveX Control",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml"
            },
            {
              "name": "ADV-2008-2319",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2319"
            },
            {
              "name": "webex-webexucfobject-bo(44250)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
            },
            {
              "name": "6220",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/6220"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-29T01:31Z",
      "publishedDate": "2008-08-08T19:41Z"
    }
  }
}

VAR-200808-0182

Vulnerability from variot - Updated: 2023-12-18 12:46

Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method. WebEx Meeting Manager is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'atucfobj.dll' ActiveX control library. Failed attacks will likely cause denial-of-service conditions. 'atucfobj.dll' 20.2008.2601.4928 is vulnerable; other versions may also be affected. The vulnerable versions of the ActiveX control are hosted by WebEx meeting service servers running WBS 23, 25, and 26 prior to 26.49.9.2838. WebEx is Cisco's web conferencing solution. WebEx Meeting Manager versions earlier than 20.2008.2606.4919 have a stack overflow vulnerability. The WebexUCFObject control in Atucfobj.dll does not properly validate input parameters to the NewObject() method. ----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/

TITLE: Webex Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID: SA31397

VERIFY ADVISORY: http://secunia.com/advisories/31397/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: WebEx Meeting Manager http://secunia.com/product/3003/

DESCRIPTION: Elazar Broad has discovered a vulnerability in Webex Meeting Manager, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the WebexUCFObject ActiveX control (atucfobj.dll) when handling arguments passed to the "NewObject()" method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 20.2008.2601.4928.

SOLUTION: The vendor has reportedly fixed the vulnerability in version 20.2008.2606.4919.

PROVIDED AND/OR DISCOVERED BY: Elazar Broad

ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0182",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webex meeting manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "20.2008.2601.4928"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "webex",
        "version": null
      },
      {
        "model": "webex meeting manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "26.49.9.2838"
      },
      {
        "model": "meeting manager \u0027atucfobj.dll\u0027",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webex",
        "version": "20.2008.2601.4928"
      },
      {
        "model": "meeting manager \u0027atucfobj.dll\u0027",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "webex",
        "version": "20.2008.2606.4919"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#661827"
      },
      {
        "db": "BID",
        "id": "30578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meeting_manager:20.2008.2601.4928:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3558"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Elazar Broad\u203b elazarb@earthlink.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3558",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2008-3558",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-33683",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-3558",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#661827",
            "trust": 0.8,
            "value": "30.07"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200808-107",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33683",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#661827"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method. WebEx Meeting Manager is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the \u0027atucfobj.dll\u0027 ActiveX control library. Failed attacks will likely cause denial-of-service conditions. \n\u0027atucfobj.dll\u0027 20.2008.2601.4928 is vulnerable; other versions may also be affected. \nThe vulnerable versions of the ActiveX control are hosted by WebEx meeting service servers running WBS 23, 25, and 26 prior to 26.49.9.2838. WebEx is Cisco\u0027s web conferencing solution. WebEx Meeting Manager versions earlier than 20.2008.2606.4919 have a stack overflow vulnerability. The WebexUCFObject control in Atucfobj.dll does not properly validate input parameters to the NewObject() method. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nWebex Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA31397\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31397/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nWebEx Meeting Manager\nhttp://secunia.com/product/3003/\n\nDESCRIPTION:\nElazar Broad has discovered a vulnerability in Webex Meeting Manager,\nwhich can be exploited by malicious people to compromise a user\u0027s\nsystem. \n\nThe vulnerability is caused due to a boundary error within the\nWebexUCFObject ActiveX control (atucfobj.dll) when handling arguments\npassed to the \"NewObject()\" method. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is confirmed in version 20.2008.2601.4928. \n\nSOLUTION:\nThe vendor has reportedly fixed the vulnerability in version\n20.2008.2606.4919. \n\nPROVIDED AND/OR DISCOVERED BY:\nElazar Broad\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3558"
      },
      {
        "db": "CERT/CC",
        "id": "VU#661827"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "db": "BID",
        "id": "30578"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33683"
      },
      {
        "db": "PACKETSTORM",
        "id": "68892"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-33683",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33683"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#661827",
        "trust": 3.6
      },
      {
        "db": "SECUNIA",
        "id": "31397",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3558",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "30578",
        "trust": 2.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "6220",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2319",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1020641",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "44250",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20080814 VULNERABILITY IN CISCO WEBEX MEETING MANAGER ACTIVEX CONTROL",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "6220",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20080806 WEBEX ATUCFOBJ MODULE ACTIVEX CONTROL BUFFER OVERFLOW VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16604",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71118",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "86895",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-33683",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68892",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#661827"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33683"
      },
      {
        "db": "BID",
        "id": "30578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "db": "PACKETSTORM",
        "id": "68892"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ]
  },
  "id": "VAR-200808-0182",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33683"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:46:29.562000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20080814-webex",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3558"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/661827"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/30578"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/31397"
      },
      {
        "trust": 1.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-august/063692.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00809e2006.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1020641"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/44250"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/6220"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2319"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44250"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/31397/"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-august/063692.html "
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3558"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3558"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/6220"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2319"
      },
      {
        "trust": 0.3,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0084.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.webex.com/support/downloads.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.3,
        "url": "http://www.webex.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3003/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#661827"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33683"
      },
      {
        "db": "BID",
        "id": "30578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "db": "PACKETSTORM",
        "id": "68892"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#661827"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33683"
      },
      {
        "db": "BID",
        "id": "30578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "db": "PACKETSTORM",
        "id": "68892"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#661827"
      },
      {
        "date": "2008-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33683"
      },
      {
        "date": "2008-08-06T00:00:00",
        "db": "BID",
        "id": "30578"
      },
      {
        "date": "2011-06-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "date": "2008-08-08T18:43:59",
        "db": "PACKETSTORM",
        "id": "68892"
      },
      {
        "date": "2008-08-08T19:41:00",
        "db": "NVD",
        "id": "CVE-2008-3558"
      },
      {
        "date": "2008-08-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#661827"
      },
      {
        "date": "2017-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33683"
      },
      {
        "date": "2010-03-05T05:41:00",
        "db": "BID",
        "id": "30578"
      },
      {
        "date": "2011-06-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002516"
      },
      {
        "date": "2017-09-29T01:31:44.303000",
        "db": "NVD",
        "id": "CVE-2008-3558"
      },
      {
        "date": "2009-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#661827"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-107"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3558 (GCVE-0-2008-3558)

GHSA-G6X7-M6FM-69FG

FKIE_CVE-2008-3558

GSD-2008-3558

VAR-200808-0182

Tags

Sightings

Nomenclature