Release date:
Updated on:
Affected Systems:
Cisco WebEx (Windows) 27.10
Cisco WebEx (Windows) 27.0
Cisco WebEx (Windows) 26.49.32
Cisco WebEx (Windows) 26.0
Cisco WebEx (Mac OS X) 27.11.8
Cisco WebEx (Mac OS X) 27.00
Cisco WebEx (Mac OS X) 26.49.35
Cisco WebEx (Mac OS X) 26.00
Unaffected system:
Cisco WebEx (Windows) 27LC SP22
Cisco WebEx (Windows) 27LB SP21 EP3
Cisco WebEx (Mac OS X) 27LC SP22
Cisco WebEx (Mac OS X) 27LB SP21 EP3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 46075
Cve id: CVE-2010-3041, CVE-2010-3042, CVE-2010-3043, CVE-2010-3044, CVE-2010-3269
WebEx is the world's largest network communication service provider and can provide telecommunication network conferencing solutions. Currently, WebEx has been acquired by Cisco. Cisco WebEx WRF Player is used to play the WebEx meeting records recorded by attendees on the computer.
Cisco WebEx has multiple remote buffer overflow vulnerabilities in the implementation of WRF and Arn file formats. Attackers can exploit these vulnerabilities to execute arbitrary code or cause denial-of-service (DoS) attacks with the affected application permissions.
<* Source: Federico Muttis
TippingPoint (http://www.tippingpoint.com /)
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.cisco.com/warp/public/707/advisory.html