Switching and networking vendor Cisco is warning about serious security vulnerabilities in the Cisco WebEx Players used by businesses for recording and playback of meeting recordings.
In all, the company warned about five separate buffer overflow security flaws that exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players.
A hacker who successfully exploited these vulnerabilities could, in some instances, launch harmful code directly against a targeted user. A successful compromise could also cause the WebEx player to crash, Cisco warned in an advisory that carries a CVSS Base Score of 7.8.
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.
The company has shipped patches for users of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities.
According to Cisco, updates are available for the following:
Cisco WebEx Business Suite (WBS29) client builds T29.2 or later
Cisco WebEx Business Suite (WBS28) client builds T28.12 or later
Cisco WebEx Business Suite (WBS27) client builds T27TLSP32EP16 (27.32.16) or later
Cisco WebEx 11 versions prior to 1.2.10 with client builds T28.12 or later
Cisco WebEx Meetings Server client builds 220.127.116.117 or later
Cisco WebEx Meetings Server client builds Orion 2.0 or later
Ryan is the host of the podcast series “Security Conversations – a podcast with Ryan Naraine”. He is the head of Kaspersky Lab’s Global Research & Analysis team in the USA and has extensive experience in computer security user education, specializing in operating system and third-party application vulnerabilities, zero-day attacks, social engineering and social networking threats. Prior to joining Kaspersky Lab, he monitored security and hacker attack trends for over 10 years, writing for eWEEK magazine and the ZDNet Zero Day blog. Follow Ryan on Twitter @ryanaraine.Previous Columns by Ryan Naraine:Cisco Warns of WebEx Player Security VulnerabilitiesPodcast: CrowdStrikes Adam Meyers Discusses Attacks Emanating from China, Russia and the Middle EastBlackBerry 10 Haunted by Adobe Flash VulnerabilitiesBoston Restaurant Group Confirms Credit Card Data TheftAffinity Gaming Credit Card, Debit Card System Hacked
Tags: Network Security