DarkFiber Consulting – IT Managed Services

Microsoft Windows Help and Support Center Vulnerability

June 23rd, 2010 . by DarkFiber Consulting

DarkFiber Consulting is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands.

DarkFiber Consulting encourages users and administrators to review Vulnerability Note VU#578319 and implement the workarounds to help mitigate the risks and reduce attack vectors.

DarkFiber Consulting will provide additional information as it becomes available.

Webex Meeting Manager ActiveX Control Vulnerability

August 11th, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of a vulnerability that affects Webex Meeting Manager. This vulnerability is due to improper handling of arguments passed to the “NewObject()” method within the WebexUCFObject ActiveX control (atucfobj.dll). By convincing a user to visit a specially crafted web page, a remote attacker may be able to execute arbitrary code.

Public reports indicate that Webex has addressed this issue in Meeting Manager version 20.2008.2606.4919. DarkFiber Consulting encourages users to upgrade to this version or set the kill bit for CLSID 32E26FD9-F435-4A20-A561-35D4B987CFDC. Information about how to set a kill bit can be found in Microsoft Support Article 240797.