TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Upgrade to the latest version of WebEx Meeting Manager (20.2008.2606.4919 or later), available from the Cisco
WebEx Web site. Alternatively, the user can set the kill bit to disable ActiveX for CLSID
32E26FD9-F435-4A20-A561-35D4B987CFDC.
Signature ID: 35483
Cisco Webex Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3558 Bugtraq: 30578
Signature Description: The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx
meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager
the first time a user begins or joins a meeting. The 'atucfobj' module of WebEx Meeting Manager, version
20.2008.2601.4928, contains a stack-based buffer overflow vulnerability. The issue occurs when processing overly long
arguments (>236 bytes) passed to the NewObject() method. By persuading the victim to visit a specially crafted web
page, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the browser to crash.
Upgrade to the latest version of WebEx Meeting Manager (20.2008.2606.4919 or later), available from the Cisco
WebEx Web site. This signature detects attack traffic using the vulnerable CLSID and %uHHHH encoding.
Signature ID: 35484
Cisco Webex Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3558 Bugtraq: 30578
Signature Description: The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx
meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager
the first time a user begins or joins a meeting. The 'atucfobj' module of WebEx Meeting Manager, version
20.2008.2601.4928, contains a stack-based buffer overflow vulnerability. The issue occurs when processing overly long
arguments (>236 bytes) passed to the NewObject() method. By persuading the victim to visit a specially crafted web
page, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the browser to crash.
Upgrade to the latest version of WebEx Meeting Manager (20.2008.2606.4919 or later), available from the Cisco
WebEx Web site. This signature detects attack traffic using the vulnerable CLSID and %HH encoding.
Signature ID: 35485
Cisco Webex Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3558 Bugtraq: 30578
Signature Description: The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx
meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager
the first time a user begins or joins a meeting. The 'atucfobj' module of WebEx Meeting Manager, version
20.2008.2601.4928, contains a stack-based buffer overflow vulnerability. The issue occurs when processing overly long
arguments (>236 bytes) passed to the NewObject() method. By persuading the victim to visit a specially crafted web
page, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the browser to crash.
Upgrade to the latest version of WebEx Meeting Manager (20.2008.2606.4919 or later), available from the Cisco
WebEx Web site. This signature detects attack traffic using the vulnerable CLSID in UTF encoding.