WebEx ActiveX Bug Found, Fixed

A security company uncovered the remotely exploitable vulnerability in an ActiveX control used with Microsoft's Internet Explorer.

Gregg Keizer, Contributor

July 6, 2006

1 Min Read
InformationWeek logo in a gray background | InformationWeek

Online collaboration service provider WebEx released a fix for its flagship software Thursday after a security company uncovered a remotely exploitable vulnerability in an ActiveX control used with Microsoft's Internet Explorer.

Atlanta-based Internet Security Systems (ISS) discovered the bug in the ActiveX-based IE plug-in, which is used to install the WebEx client program on users' machines before they attend an online meeting. According to ISS, the WebEx control didn't verify the validity of the to-be-downloaded components, making it possible for an attacker to create a bogus site and download malicious code to users' PCs rather than the real WebEx software.

WebEx said that it's about 95 percent finished with a client update to customers' Web sites, and that end users will be updated automatically when they next use the service.

"The remaining customer sites are expected to be updated shortly," the Santa Clara, Calif.-based company said in a statement.

Users can also manually download the update using the link on the online advisory WebEx has posted to its support site.

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights