Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0696 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players 9 May 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco WebEx Players Publisher: Cisco Systems Operating System: Windows OS X Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-2136 CVE-2014-2135 CVE-2014-2134 CVE-2014-2133 CVE-2014-2132 Original Bulletin: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players Advisory ID: cisco-sa-20140507-webex Revision 1.0 For Public Release 2014 May 7 16:00 UTC (GMT) Summary ======= Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex - -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTakVrAAoJEIpI1I6i1Mx3L9UP/0C/E8W9uqZ7PXRK8mmdhXZG N8r/eluyYFxieCuMf2vKRhseRy0b1r4voVT/JduymoxONoh+KcmWWpVabmXwWL7Q fhFemWAp8avu2/4bfqvUnS6k+U57ew+LhEDchGMx+j/iyv4axeCA6cBjVA3qkh/x skisxr5Sgftq2+9lPXOvh2EpDXAUV6r2f6CfxlcLJIrgYQP5SGKdb2NZX9DctgeI pBhUXMQmO4tT8/IZ1Y5h2s+9Z45iDc+sluW4YfPc5wdAwfjifTmR7Haem94mjf2Q a108I+77c8wHd1nb+KTxHOh/QhYcY64FhIbvqdjtC2CgMB1e61dlvBejnr/RVFHv +9CiiAy12vRTXCAxk/GAABCQWNVJHUEBEME/IQeaLYdDoU0x3njR2476xYogCCgg dkA9jTUPsjg6nBJl42q2Cne3cx31MUuj5zsZoxmeMXjFeTCmZlRSgr33F8uC3s3d DHRoykjLpviMS6tRVWqVyXI/5C4xfjEZPgElSJbBW9/s2MiFECb1Kbwv22lX9sai nzxqe62U0doKOqTEFi50Jd7MYuqvOZPlfZ+MCOoOn6T4m40uljjNtqEHU6S5LEYL oZ/xoqFfe3nT/4o3M4rSA9MDSqCPD/rx8sf14IMgyHoz+vCT8Zx0eaNZxDR1BbjP P/v+WwMQgOPwYp48q0Tc =k+fv - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU2xwkhLndAQH1ShLAQLumQ/+M0nmkc+IoQdkHt9wWu+WooK71N4QJQxT ohYiIzZKu/ljctexNZ49Lx/Onr4/+8YqN1IIGkX+WXn8eL/6IFA8VpWJ4o+MoyN5 C1PxcBjmHVSaV8SQeMFWpbE40tG/F3lW8Gx4FB4wT/byOOmw02fiLtL0uO66gS2v 3Flmr8cZiVOpUIZyTHem2uZeAw1ToIVpimpBwHSvhx65NCLfuMqmIG5RMHNlyfSb b2ZzQILIIou13vsMZEY5x2llu6Oc82veEhzCqjUVoVuXGfSkA0gn9BpPoy+rt2yy JXLy8A/qalf4L5fqbmdo1eQXaain9LrKqN0jsNgPwhBqcLGy4JHP6QVZsOvtqkKQ SBY8SSDxdkhI/C0hJGGE38rc9N8E5I7WNilYYGHkjaagBGuLY1m5N52NZ/f/IWY8 gVwdUtS6JMOCe+7ZRJ3BWG6vNJ/GcJ4aHW7lkh1OZLETTDQYv2ZQ85J8AGFgFUDM 5T34fPjWIXpSXWiGLnaA/VNZnNxsMT6i2DGWQQUdMpH5KdIg6riyr55HIpOaZEjY eOAv9w5+qv1XG2LGlABdPHsoRE/lKNoO1TceIBrFLEKHCRJY3Y1nObOAZuFYS1fI Y44kOQBNmaW4SbW7wLS7kFkQhps0EnIi2+mGr0Vn7aZesCGR6k3/BPbBt8hGHW8y 7gUOnZU3QqA= =5psZ -----END PGP SIGNATURE-----