Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control
A buffer overflow vulnerability exists in an ActiveX control used by the WebEx Meeting Manager. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the user client machine. The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting.
When users connect to the WebEx meeting service, the WebEx Meeting Manager is automatically upgraded to the latest version. There is a manual workaround available for users who are not able to connect to the WebEx meeting service.
Cisco WebEx is in the process of upgrading the meeting service infrastructure with fixed versions of the affected file.
Full advisory here: http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml
PDF download here: http://www.cisco.com/univercd/cc/lib/csco/pdf_opt.gif