製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cisco WebEx Meeting Manager の WebexUCFObject ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性

Title	Cisco WebEx Meeting Manager の WebexUCFObject ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性
Summary	Cisco WebEx Meeting Manager の atucfobj.dll 内にある WebexUCFObject ActiveX コントロールには、スタックベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、NewObject メソッドへの長大な引数を介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 8, 2008, midnight
Registration Date	June 8, 2011, 11:35 a.m.
Last Update	June 8, 2011, 11:35 a.m.

Affected System

シスコシステムズ

Cisco WebEx Meeting Manager 26.49.9.2838 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-3558	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3558
National Vulnerability Database (NVD)
2	CVE-2008-3558	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3558

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	cisco-sa-20080814-webex	http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml

その他

No	Name	URL
ISS X-Force Database
1	44250	http://xforce.iss.net/xforce/xfdb/44250
Secunia Advisory
2	SA31397	http://secunia.com/advisories/31397
SecurityFocus
3	30578	http://www.securityfocus.com/bid/30578
US-CERT Vulnerability Note
4	VU#661827	http://www.kb.cert.org/vuls/id/661827

Change Log

No	Changed Details	Date of change
0	[2011年06月08日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-3558

Summary	Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.
Summary	Un desbordamiento de búfer en la región stack de la memoria en el control ActiveX de WebexUCFObject en la biblioteca atucfobj.dll en Cisco WebEx Meeting Managern anterior a versión 20.2008.2606.4919, permite a los atacantes remotos ejecutar código arbitrario por medio de un argumento largo en el método NewObject.
Publication Date	Aug. 9, 2008, 4:41 a.m.
Registration Date	Jan. 29, 2021, 1:40 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:cisco:webex_meeting_manager:20.2008.2601.4928:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html	cve@mitre.org
2	http://secunia.com/advisories/31397	cve@mitre.org
3	http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml	cve@mitre.org
4	http://www.kb.cert.org/vuls/id/661827	cve@mitre.org
5	http://www.securityfocus.com/bid/30578	cve@mitre.org
6	http://www.securitytracker.com/id?1020641	cve@mitre.org
7	http://www.vupen.com/english/advisories/2008/2319	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/44250	cve@mitre.org
9	https://www.exploit-db.com/exploits/6220	cve@mitre.org
10	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063692.html	af854a3a-2127-422b-91ae-364da2661108
11	http://secunia.com/advisories/31397	af854a3a-2127-422b-91ae-364da2661108
12	http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml	af854a3a-2127-422b-91ae-364da2661108
13	http://www.kb.cert.org/vuls/id/661827	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/30578	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securitytracker.com/id?1020641	af854a3a-2127-422b-91ae-364da2661108
16	http://www.vupen.com/english/advisories/2008/2319	af854a3a-2127-422b-91ae-364da2661108
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/44250	af854a3a-2127-422b-91ae-364da2661108
18	https://www.exploit-db.com/exploits/6220	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html