Article

WebEx addresses ActiveX flaw

Dennis Fisher

Researchers at Internet Security Systems Inc. on Thursday said they had discovered a serious flaw in the widely used WebEx Web conferencing software. But WebEx already has taken steps to prevent attacks.

According to the ISS X-Force, the vulnerability involves the way that the software downloads certain components when users install the WebEx package on their machines.

WebEx Communications Inc. is the Web conferencing market leader and the software is used in thousands of enterprises and organizations around the world.

When users participate in a Web-based meeting using the WebEx software, they must first download a small client. WebEx employs an ActiveX control to download the client onto users' PCs.

The specific problem occurs during the download process when the ActiveX control fails to verify the source or content of the components it installs. This could enable an attacker to create a malicious Web page and trick users into downloading malware instead of the WebEx software,

    Requires Free Membership to View

ISS said in its advisory.

The results of a successful attack could vary, but an attacker who is able to implant software on a user's machine could easily gain access to sensitive data or use the PC to attack other assets on the same network.

ISS notified WebEx of the problem some time ago and the two companies developed a fix that WebEx already has implemented. The WebEx service will automatically update the ActiveX control on the machines of all users who access the service going forward.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: