Cisco has patched a handful of buffer overflows in several of its WebEx products that could allow an attacker to execute arbitrary code or crash a vulnerable application. The bugs affect the WebEx WRF and ARF players and some of Cisco’s Business Suite builds, WebEx 11 and WebEx Meetings Server also are affected by at least one of the vulnerabilities.
The WebEx WRF and ARF players are small apps that play WebEx content after it’s been recorded. The company said that the players are sometimes automatically downloaded when a users opens a recorded meeting on a WebEx server.
“Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user,” the Cisco advisory says.
“To exploit one of these vulnerabilities, the player applications would need to open a malicious ARF or WRF file. An attacker may be able to accomplish this exploit by providing the malicious recording file directly to users (for example, by using email), or by directing a user to a malicious web page. The vulnerabilities cannot be triggered by users who are attending a WebEx meeting.”
In addition to the WRF and ARF Players, the other confirmed vulnerable products include:
- Cisco WebEx Business Suite (WBS29) client builds prior to T29.2
- Cisco WebEx Business Suite (WBS28) client builds prior to T28.12
- Cisco WebEx Business Suite (WBS27) client builds prior to T27LDSP32EP16 (27.32.16)
- Cisco WebEx 11 versions prior to 1.2.10 with client builds prior to T28.12
- Cisco WebEx Meetings Server client builds prior to 126.96.36.1997
Cisco officials said there aren’t any workarounds for the vulnerabilities, but there are fixed versions of each of the vulnerable products available now.