During a pentest a couple months back, me and my coworker (/u/jeffmcjunkin) stumbled upon an 0-day in Cisco WebEx. It’s neat because it’s a remote code execution vulnerability in a client-side app due to bad ACLs.
You can also find Nmap scripts to check for it (already pushed to svn) as well as Metasploit modules to exploit it (in a metasploit fork) linked from there.
I thought you guys would be interested! Please patch!