Holes in Cisco WebEx Patched

Monday, July 9, 2012 @ 03:07 PM gHale


There are four buffer overflow vulnerabilities in the Cisco WebEx player and one buffer overflow in the Cisco Advanced Format player running on Windows, Mac OS X and Linux.

The vulnerabilities could allow an attacker to execute code on a system, Cisco officials said. The players play back WebEx meeting recordings and automatically install when required by WebEx meetings.


The problem exists in WebEx Business Suite with client builds 28.0.0, 27.32.1 (and earlier), 27.25.10 (and earlier), 27.21.10 (and earlier) and 27.11.26 (and earlier).

Exploitation requires the user to play back a maliciously constructed recording file, which can arrive either by email or by getting the user to visit a malicious web page; the vulnerabilities are not exploitable within a WebEx meeting.

Where Cisco WebEx clients have been automatically installed, the company said they will automatically update. Customers who do not receive automatic updates can get updated players for Windows and Mac OS X from the Get WebEx Player page. Other versions and updates require contacting Cisco support.


