Unrated severityNVD Advisory· Published Jul 7, 2006· Updated Apr 16, 2026

CVE-2006-3423

Description

WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.

Affected products

Webex Communications/Downloader Activexcontrol
cpe:2.3:a:webex_communications:downloader_activexcontrol:2.0.0.7:*:*:*:*:*:*:*
Webex Communications/Downloader Java
cpe:2.3:a:webex_communications:downloader_java:2.0.0.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20956nvdPatchVendor Advisory
www.vupen.com/english/advisories/2006/2688nvdVendor Advisory
www.zerodayinitiative.com/advisories/ZDI-06-021.htmlnvdVendor Advisory
securitytracker.com/idnvd
www.osvdb.org/27039nvd
www.osvdb.org/27040nvd
www.securityfocus.com/archive/1/439496/100/0/threadednvd
www.securityfocus.com/bid/18860nvd
www.webex.com/lp/security/ActiveAdv.htmlnvd
xforce.iss.net/xforce/alerts/id/226nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24370nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000