[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3423Date: (C)2006-07-06   (M)2023-12-22


WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1016446
BID-18860
http://xforce.iss.net/xforce/alerts/id/226
http://www.securityfocus.com/archive/1/archive/1/439496/100/0/threaded
SECUNIA-20956
OSVDB-27039
OSVDB-27040
ADV-2006-2688
http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456
http://www.zerodayinitiative.com/advisories/ZDI-06-021.html
web-conferencing-code-injection(24370)

CWE    1
CWE-20

© SecPod Technologies