Vulnerabilities in Cisco WebEx Recording and Advanced Recording Format Players

  • Vulnerabilities in Cisco WebEx Recording and Advanced Recording Format Players

    Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players


    Severity Rating: High

    Systems Affected
    • Cisco WebEx Business Suite (WBS29) client builds prior to T29.2
    • Cisco WebEx Business Suite (WBS28) client builds prior to T28.12
    • Cisco WebEx Business Suite (WBS27) client builds prior to T27LDSP32EP16 (27.32.16)
    • Cisco WebEx 11 versions prior to 1.2.10
    • Cisco WebEx 11 with client builds prior to T28.12
    • Cisco WebEx Meetings Server client builds prior to 2.0.0.1677

    Overview
    Multiple vulnerabilities have been reported in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. They could allow an unauthenticated remote attacker to cause an affected player to crash and could allow the attacker to execute arbitrary code on the system of a targeted user.

    Description

    1. Cisco WebEx WRF and ARF Players Out-of-Bounds Memory Read Vulnerability
    This vulnerability is in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players used in Cisco WebEx Business Suite and is due to a failure to properly validate input from the WRF and ARF recording when it is played. A remote attacker could exploit this vulnerability by persuading a user to play a crafted recording in a vulnerable Cisco WebEx Player.
    Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform out-of-bounds memory read operations and could cause player applications to terminate abnormally or execute arbitrary code.

    2. Cisco WebEx ARF Player LZW Decompress Memory Corruption Vulnerability
    This vulnerability is in the Cisco WebEx Advanced Recording Format (ARF) Player used in Cisco WebEx Business Suite and Cisco WebEx 11 and is due to a failure to properly validate input from the ARF recording being played. An unauthenticated remote attacker could exploit this vulnerability by persuading a user to play a crafted ARF recording in a vulnerable Cisco WebEx ARF Player.
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a Denial of Service (DoS) condition on the system.

    3. Cisco WebEx Player WRF File Audio Channel Parsing Heap Overflow Vulnerability
    This vulnerability is in the Cisco WebEx Recording Format (WRF) Player used in Cisco WebEx Business Suite and is due to a failure to properly validate input from the WRF recording being played. An unauthenticated remote attacker could exploit this vulnerability by persuading a user to play a crafted WRF recording in a vulnerable Cisco WebEx WRF Player. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a Denial of Service (DoS) condition on the system.

    4. Cisco WebEx ARF Player Memory Corruption Vulnerability
    This vulnerability is in the Cisco WebEx Advanced Recording Format (ARF) Player used in Cisco WebEx Business Suite, Cisco WebEx 11, and the Cisco WebEx Meetings Server and is due to a failure to properly validate input from the ARF recording being played. An unauthenticated remote attacker could exploit this vulnerability by using misleading language or instructions to persuade a user to play a crafted ARF recording in a vulnerable Cisco WebEx ARF Player. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a Denial of Service (DoS) condition on the system.

    5. Cisco WebEx ARF Player Memory Corruption Vulnerability
    This vulnerability is in the Cisco WebEx Advanced Recording Format (ARF) Player used in Cisco WebEx Business Suite, Cisco WebEx 11, and the Cisco WebEx Meetings Server and is due to a failure to properly validate input from the .arf recording being played. An unauthenticated remote attacker could exploit this vulnerability by using misleading language or instructions to persuade a user to play a crafted .arf recording in a vulnerable Cisco WebEx ARF Player. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a Denial of Service (DoS) condition on the system.

    Solution
    Apply the appropriate updates as described in the Cisco advisory:
    http://tools.cisco.com/security/cent...20140507-webex

    Vendor Information
    CISCO
    http://tools.cisco.com/security/cent...20140507-webex

    References
    Cisco
    http://tools.cisco.com/security/cent...?alertId=34029
    http://tools.cisco.com/security/cent...?alertId=34030
    http://tools.cisco.com/security/cent...?alertId=34031
    http://tools.cisco.com/security/cent...?alertId=34032
    http://tools.cisco.com/security/cent...?alertId=34033
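
Item 2 above attributes the ARF Player LZW decompression flaw to missing validation of recording input. The advisory gives no root-cause detail, so the following is an added, generic illustration of the two checks any LZW decoder needs; it is not Cisco's code or a reconstruction of the actual defect. The 12-bit dictionary, the pre-unpacked code array, the absence of clear/end codes and the name `lzw_decode` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define LZW_MAX_CODES 4096u  /* 12-bit dictionary (assumed size) */

/* Decode ncodes already-unpacked LZW codes into out[0..cap).
 * Returns the number of bytes written, or -1 if the stream is invalid
 * or the output would not fit. No clear/end codes (simplification). */
long lzw_decode(const uint16_t *codes, size_t ncodes, uint8_t *out, size_t cap)
{
    uint16_t prefix[LZW_MAX_CODES], len[LZW_MAX_CODES];
    uint8_t suffix[LZW_MAX_CODES], first[LZW_MAX_CODES];
    unsigned next = 256;          /* next free dictionary slot */
    long prev = -1;               /* previous code, -1 before the first */
    size_t written = 0;

    for (unsigned i = 0; i < 256; i++) {
        prefix[i] = 0; len[i] = 1; suffix[i] = first[i] = (uint8_t)i;
    }
    for (size_t i = 0; i < ncodes; i++) {
        unsigned c = codes[i];
        /* Check 1: a code may name an existing entry, or exactly the entry
         * about to be created (c == next); anything else is rejected. */
        if (c > next || c >= LZW_MAX_CODES || (prev < 0 && c >= 256))
            return -1;
        if (prev >= 0 && next < LZW_MAX_CODES) {
            /* New entry = previous string + first byte of current string. */
            prefix[next] = (uint16_t)prev;
            first[next] = first[prev];
            suffix[next] = (c == next) ? first[prev] : first[c];
            len[next] = (uint16_t)(len[prev] + 1);
            next++;
        }
        /* Check 2: the expanded string must fit in the remaining output. */
        size_t n = len[c];
        if (n > cap - written)
            return -1;
        /* Walk the prefix chain backwards; n bounds the walk. */
        for (unsigned k = c, j = 0; j < n; j++, k = prefix[k])
            out[written + n - 1 - j] = suffix[k];
        written += n;
        prev = (long)c;
    }
    return (long)written;
}
```

Without check 1 a code can index dictionary slots that were never filled, and without check 2 the expanded output is bounded only by the file's contents rather than by the buffer.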