CVE

Id
19527  
CVE No.
CVE-2006-3423  
Status
Candidate  
Description
WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.  
Phase
Assigned (20060706)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
175583 19527 CVE-2006-3423 ISS:20060706 WebEx ActiveX Control DLL Injection  View
175584 19527 CVE-2006-3423 URL:http://xforce.iss.net/xforce/alerts/id/226  View
175585 19527 CVE-2006-3423 BUGTRAQ:20060707 ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability  View
175586 19527 CVE-2006-3423 URL:http://www.securityfocus.com/archive/1/archive/1/439496/100/0/threaded  View
175587 19527 CVE-2006-3423 MISC:http://www.zerodayinitiative.com/advisories/ZDI-06-021.html  View
175588 19527 CVE-2006-3423 CONFIRM:http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456  View
175589 19527 CVE-2006-3423 BID:18860  View
175590 19527 CVE-2006-3423 URL:http://www.securityfocus.com/bid/18860  View
175591 19527 CVE-2006-3423 VUPEN:ADV-2006-2688  View
175592 19527 CVE-2006-3423 URL:http://www.vupen.com/english/advisories/2006/2688  View
175593 19527 CVE-2006-3423 OSVDB:27039  View
175594 19527 CVE-2006-3423 URL:http://www.osvdb.org/27039  View
175595 19527 CVE-2006-3423 OSVDB:27040  View
175596 19527 CVE-2006-3423 URL:http://www.osvdb.org/27040  View
175597 19527 CVE-2006-3423 SECTRACK:1016446  View
175598 19527 CVE-2006-3423 URL:http://securitytracker.com/id?1016446  View
175599 19527 CVE-2006-3423 SECUNIA:20956  View
175600 19527 CVE-2006-3423 URL:http://secunia.com/advisories/20956  View
175601 19527 CVE-2006-3423 XF:web-conferencing-code-injection(24370)  View

Related JVN