module
WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
| Disclosed | Created |
|---|---|
| 2008-08-06 | 2018-05-30 |
Disclosed
2008-08-06
Created
2018-05-30
Description
This module exploits a stack-based buffer overflow in WebEx's WebexUCFObject
ActiveX Control. If a long string is passed to the 'NewObject' method, a stack-
based buffer overflow will occur when copying attacker-supplied data using the
sprintf function.
It is noteworthy that this vulnerability was discovered and reported by multiple
independent researchers. To quote iDefense's advisory, "Before this issue was
publicly reported, at least three independent security researchers had knowledge
of this issue; thus, it is reasonable to believe that even more people were aware
of this issue before disclosure."
NOTE: Due to input restrictions, this exploit uses a heap-spray to get the payload
into memory unmodified.
ActiveX Control. If a long string is passed to the 'NewObject' method, a stack-
based buffer overflow will occur when copying attacker-supplied data using the
sprintf function.
It is noteworthy that this vulnerability was discovered and reported by multiple
independent researchers. To quote iDefense's advisory, "Before this issue was
publicly reported, at least three independent security researchers had knowledge
of this issue; thus, it is reasonable to believe that even more people were aware
of this issue before disclosure."
NOTE: Due to input restrictions, this exploit uses a heap-spray to get the payload
into memory unmodified.
Authors
Tobias Klein
Elazar Broad
Guido Landi
jduck jduck@metasploit.com
Elazar Broad
Guido Landi
jduck jduck@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.