ESB-2012.0347 - [Win][Linux][Mac][OSX] Cisco WebEx Player: Multiple vulnerabilities
05 April 2012
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0347
         Buffer Overflow Vulnerabilities in the Cisco WebEx Player
                               5 April 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco WebEx Player
Publisher:         Cisco Systems
Operating System:  Linux variants
                   Mac OS X
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-1337 CVE-2012-1336 CVE-2012-1335

Original Bulletin:
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco
WebEx Player

Advisory ID: cisco-sa-20120404-webex

Revision 1.0

For Public Release 2012 April 4 16:00 UTC (GMT)
+--------------------------------------------------------------------

Summary
=======

The Cisco WebEx Recording Format (WRF) player contains three buffer
overflow vulnerabilities. In some cases, exploitation of the
vulnerabilities could allow a remote attacker to execute arbitrary
code on the system with the privileges of a targeted user.

The Cisco WebEx Players are applications that are used to play back
WebEx meeting recordings that have been recorded on a WebEx meeting
site or on the computer of an online meeting attendee. The players can
be automatically installed when the user accesses a recording file
that is hosted on a WebEx meeting site. The players can also be
manually installed for offline playback after downloading the
application from www.webex.com.

If the WRF player was automatically installed, it will be
automatically upgraded to the latest, nonvulnerable version when users
access a recording file that is hosted on a WebEx meeting site. If the
WRF player was manually installed, users will need to manually install
a new version of the player after downloading the latest version from
www.webex.com.

Cisco has updated affected versions of the WebEx meeting sites and WRF
player to address these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
firstname.lastname@example.org and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: email@example.com
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================