Cisco WebEx Player Buffer Overflows Vulnerabilities

Last Update Date: 8 May 2014 11:05 Release Date: 8 May 2014 3236 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Im, Chat & Voip

TYPE: Im, Chat & Voip

Multiple vulnerabilities have been identified in Cisco WebEx Player. A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow or memory corruption flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.

  1. The Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) players are affected.
  2. An out-of-bounds memory read may occur.
  3. A memory corruption error may occur in the ARF player and its LZW decompression.
  4. A heap overflow may occur in audio channel parsing in the WRF player.

Impact

  • Remote Code Execution

System / Technologies affected

  • Cisco WebEx Business Suite (WBS29) client builds T29.2
  • Cisco WebEx Business Suite (WBS28) client builds T28.12
  • Cisco WebEx Business Suite (WBS27) client builds T27TLSP32EP16 (27.32.16)
  • Cisco WebEx 11 version 1.2.10 with client builds T28.12
  • Cisco WebEx Meetings Server client builds 2.0.0.1677

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix.

Vulnerability Identifier

Source

Related Link

Share with

Previous

OpenSSL Deny Service Vulnerability

5 May 2014 3236 Views

Next

IBM WebSphere Application Server Denial of Service Vulnerability

13 May 2014 3079 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY