Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WebEx Downloader插件GpcUrlRoot和GpcIniFileName ActiveX/Java控件远程代码执行漏洞
Vulnerability Description
WebEx是全球最大的网络通信服务供应商,可提供电信级网络会议解决方案。 WebEx在处理组件下载操作时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意命令。 WebEx在召开或加入网络会议时需要使用Downloader插件来下载一些额外的组件。在下载时由于对各种ActiveX/Java控件参数和配置指令缺少验证,GpcUrlRoot和GpcIniFileName ActiveX/Java控件参数可能允许攻击者指定包含有其他控制指令的配置文件位置,允许攻击者向目标传送任意文件和可执行程序,进而完全入
CVSS Information
N/A
Vulnerability Type
N/A