Update , Cisco will take a second crack at addressing Vulnerability-related.PatchVulnerability a vulnerability in WebEx that can be exploited Vulnerability-related.DiscoverVulnerability to execute malicious code on a vulnerable installation . Switchzilla has issued Vulnerability-related.PatchVulnerability a new fix to address Vulnerability-related.PatchVulnerability CVE-2018-15442 , a command injection bug in its video conference software that allows a local attacker to their elevate privileges , and then execute code by injecting commands through the software update component of the WebEx Meetings Client . The bug was traced back to the failure by Webex Meetings to properly check arguments passed via its update service commands . Thus a miscreant could run an update command with specially crafted arguments to ultimately execute code with system privileges . This means rogue logged-in users or malware on a Windows system could leverage WebEx to completely hijack the machine . Cisco had hoped to plug Vulnerability-related.PatchVulnerability the vulnerability in October with a patch that was thought to have resolved Vulnerability-related.PatchVulnerability the flaw . However , software-breakers at SecureAuth found that Switchzilla failed to account for DLL preloading . By sticking the malicious commands inside a DLL file and then executing the update program with that library loaded , an attacker would be able to circumvent the patch and then exploit Vulnerability-related.DiscoverVulnerability the flaw as before to execute commands with system-level clearance . `` The vulnerability can be exploited Vulnerability-related.DiscoverVulnerability by copying to an a local attacker controller folder , the ptUpdate.exe binary . Also , a malicious dll must be placed in the same folder , named wbxtrace.dll , '' SecureAuth explained in its disclosure today . `` To gain privileges , the attacker must start the service with the command line : '' Fortunately , the flaw was privately disclosed Vulnerability-related.DiscoverVulnerability to Cisco , giving the teleconferencing vendor time to get out Vulnerability-related.PatchVulnerability a fix prior to this bug going public . Those running Webex Meetings on their Windows machines should update as soon as possible . While the flaw is n't as severe as a remote code bug that could be exploited Vulnerability-related.DiscoverVulnerability without any user interaction , the fact it has now been patched Vulnerability-related.PatchVulnerability twice and has working proof-of-concept code public should make patching Vulnerability-related.PatchVulnerability a priority .