Serious holes in Cisco WebEx player patched

Cisco has published an advisoryconcerning four buffer overflows in the Cisco WebEx player and one buffer overflow in the Cisco Advanced Format player running on Windows, Mac OS X and Linux. According to Cisco, the vulnerabilities could allow an attacker to execute code on a system. The players are used to play back WebEx meeting recordings and are automatically installed when required by WebEx meetings. The problem exists in WebEx Business Suite with client builds 28.0.0, 27.32.1 (and earlier), 27.25.10 (and earlier), 27.21.10 (and earlier) and 27.11.26 (and earlier)

Exploiting the applications requires the playback of a maliciously constructed recording file which can either be delivered by email or by getting the user to visit a malicious web page; the vulnerabilities are not exploitable within a WebEx meeting. Where Cisco WebEx clients have been automatically installed, the company says they will be automatically updated. Customers who do not receive automatic updates can get updated players for Windows and Mac OS X from the Get WebEx Player page. Other versions and updates require contacting Cisco support.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s