CVE-2006-3423

Name of the Vulnerable Software and Affected Versions WebEx Downloader ActiveX Control and WebEx Downloader Java versions prior to 2.1.0.0

Description The issue allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file. This is due to the failure of the WebEx Downloader ActiveX Control and WebEx Downloader Java to validate downloaded components.

Recommendations For versions prior to 2.1.0.0, update to version 2.1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the GpcUrlRoot and GpcIniFileName ActiveX controls to minimize the risk of exploitation.