Release date:
Updated on:
Affected Systems:
Cisco WebEx (Mac OS X) T27 LD SP32
Cisco WebEx (Mac OS X) T27 LC SP25 EP9
Cisco WebEx (Mac OS X) T27 LB SP21 EP10
Cisco WebEx (Mac OS X) T27 L SP11 EP26
Cisco WebEx (Linux) T27 LD SP32
Cisco WebEx (Linux) T27 LC SP25 EP9
Cisco WebEx (Linux) T27 LB SP21 EP10
Cisco WebEx (Linux) T27 L SP11 EP26
Unaffected Systems:
Cisco WebEx (Mac OS X) T27 LD SP32 CP1
Cisco WebEx (Mac OS X) T27 LC SP25 EP10
Cisco WebEx (Linux) T27 LD SP32 CP1
Cisco WebEx (Linux) T27 LC SP25 EP10
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 52882
CVE ID: CVE-2012-1335, CVE-2012-1336, CVE-2012-1337
The WebEx conferencing service is a hosted multimedia conferencing solution managed and maintained by Cisco WebEx. The WRF file format is used to store WebEx meeting recordings. Cisco WebEx Player is used to play back and edit recording files, that is, the content of a meeting recorded on the WebEx meeting site or by online meeting participants. The player is installed automatically when you access a recording file on the WebEx meeting site. You can also install it manually after downloading it.
Multiple remote buffer overflow vulnerabilities exist in the implementation of Cisco WebEx. Attackers can exploit these vulnerabilities to execute arbitrary code when affected applications are run.
<* Source: Secunia
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20120404-webex) and patches for these vulnerabilities:
cisco-sa-20120404-webex: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex