===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0979
    Multiple Vulnerabilities in the Cisco WebEx Recording Format Player
                              11 October 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco WebEx Recording Format Player
Publisher:         Cisco Systems
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-3941 CVE-2012-3940 CVE-2012-3939
                   CVE-2012-3938 CVE-2012-3937 CVE-2012-3936

Original Bulletin:
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple Vulnerabilities in the Cisco WebEx Recording Format Player

Advisory ID: cisco-sa-20121010-webex

Revision 1.0

For Public Release 2012 October 10 16:00 UTC (GMT)

----------------------------------------------------------------------

Summary
=======

The Cisco WebEx Recording Format (WRF) player contains six buffer
overflow vulnerabilities. In some cases, exploitation of the
vulnerabilities could allow a remote attacker to execute arbitrary code
on the system with the privileges of a targeted user.

The Cisco WebEx WRF Player is an application used to play back WRF WebEx
meeting recordings that have been recorded on a WebEx meeting site or on
the computer of an online meeting attendee. The Cisco WebEx WRF Player
can be automatically installed when the user accesses a recording file
that is hosted on a WebEx meeting site. The Cisco WebEx WRF Player can
also be manually installed for offline playback after downloading the
application from: http://www.webex.com/play-webex-recording.html.
If the Cisco WebEx WRF Player was automatically installed, it will be
automatically upgraded to the latest, nonvulnerable version when users
access a recording file that is hosted on a WebEx meeting site. If the
Cisco WebEx WRF Player was manually installed, users will need to
manually install a new version of the Cisco WebEx WRF Player after
downloading the latest version from:
http://www.webex.com/play-webex-recording.html.

Cisco has updated affected versions of the WebEx meeting sites and Cisco
WebEx WRF Player to address these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================