Cisco WebEx Player Buffer Overflows Vulnerabilities
Last Update Date:
8 May 2014 11:05
Release Date:
8 May 2014
3807
Views
RISK: Medium Risk
TYPE: Clients - Im, Chat & Voip
Multiple vulnerabilities have been identified in Cisco WebEx Player. A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow or memory corruption flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.
- The Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) players are affected.
- An out-of-bounds memory read may occur.
- A memory corruption error may occur in the ARF player and its LZW decompression.
- A heap overflow may occur in audio channel parsing in the WRF player.
Impact
- Remote Code Execution
System / Technologies affected
- Cisco WebEx Business Suite (WBS29) client builds T29.2
- Cisco WebEx Business Suite (WBS28) client builds T28.12
- Cisco WebEx Business Suite (WBS27) client builds T27TLSP32EP16 (27.32.16)
- Cisco WebEx 11 version 1.2.10 with client builds T28.12
- Cisco WebEx Meetings Server client builds 2.0.0.1677
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix.
Vulnerability Identifier
Source
Related Link
Share with