WebEx Communications Inc has responded to Internet Security Systems Inc’s comments about an ActiveX vulnerability in its Web conferencing software and the problems it highlights with ActiveX generally, claiming that the majority of its users have already been safeguarded.
The Santa Clara, California-based conferencing services company said that it carried out an automatic update to its client software on customer sites, such that, by July 6, 95% of them would be updated automatically when they next used the service.
The remaining customer sites are expected to be updated shortly, it went on. ISS and iSEC played key roles in helping to identify and resolve this ActiveX vulnerability, it went on.
WebEx uses ActiveX to download additional technology components needed for a meeting, the ISV explained. This update resolved a vulnerability within the ActiveX control used to install its web meeting software. WebEx said it had not received any reports of computers being compromised by this now resolved vulnerability.