While remote code execution vulnerabilities are pretty common, a new one discovered in Cisco's WebEx online and video collaboration software is definitely different. That is because users can remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections.
Remote code execution vulnerabilities are bugs that allow a users to remotely connect to a vulnerable application and cause commands to be executed on the remote computer. These are critical bugs because they commonly allow commands to run with elevated privileges.
This new remote code execution vulnerability was disclosed yesterday by Ron Bowes and Jeff McJunkin of the hack challenge organization
Counter Hack while performing a recent pentest. Their initial goal was to elevate the permissions of a local standard user account, but they instead found a very interesting remote code execution bug that they have titled "WebExec".
