WebEx has patched a vulnerability in its web conferencing software that was due to a flaw in one of its ActiveX controls - that most powerful and useful of components, but equally one that offers big scope for abuse.
According to researchers at ISS, a WebEx ActiveX control could be fooled into installing software other than WebEx, potentially allowing an attacker to install their own software on the victim's PC. It is a strange paradox that the power, flexibility and ease of use of modern software often provide opportunities for attackers to subvert these admirable qualities for malicious purposes. The message from Altravision is to take a cautious approach to ActiveX and certainly don't trust ActiveX from unknown sources.
ISS did not publicly report the vulnerability until after WebEx had produced the patch, which has now been automatically applied to the vast majority of their customers' systems.
Further information: Network World.