Skip to main content

Cisco WebEx Player Buffer Overflows Vulnerabilities

Last Update Date: 8 May 2014 11:05 Release Date: 8 May 2014 3732 Views

RISK: Medium Risk

TYPE: Clients - Im, Chat & Voip

TYPE: Im, Chat & Voip

Multiple vulnerabilities have been identified in Cisco WebEx Player. A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow or memory corruption flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.

  1. The Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) players are affected.
  2. An out-of-bounds memory read may occur.
  3. A memory corruption error may occur in the ARF player and its LZW decompression.
  4. A heap overflow may occur in audio channel parsing in the WRF player.

Impact

  • Remote Code Execution

System / Technologies affected

  • Cisco WebEx Business Suite (WBS29) client builds T29.2
  • Cisco WebEx Business Suite (WBS28) client builds T28.12
  • Cisco WebEx Business Suite (WBS27) client builds T27TLSP32EP16 (27.32.16)
  • Cisco WebEx 11 version 1.2.10 with client builds T28.12
  • Cisco WebEx Meetings Server client builds 2.0.0.1677

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix.

Vulnerability Identifier


Source


Related Link