A vulnerability in the Cisco WebEx Advanced Recording Format (ARF) player used in Cisco WebEx Business Suite, Cisco WebEx 11, and the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to crash the Cisco WebEx ARF player, and in some cases execute remote code with the privilege of the logged in user.
The vulnerability is due to a failure to properly validate input from the .arf recording being played. An attacker could exploit this vulnerability by persuading a user to play a specially crafted .arf recording in a vulnerable Cisco WebEx ARF player. This vulnerability cannot be triggered just by attending a WebEx meeting.
Cisco has confirmed the vulnerability in a security advisory and has released software updates.
Indicators of Compromise
Cisco has published a list of affected WebEx WRF Player releases in the security advisory. The Vendor Announcements section of this alert contains a link to the advisory.
Additional technical details are unavailable.
To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.
Cisco indicates through the CVSS score that PoC exploit code exists; however, the code is not known to be publicly available.
Microsoft Windows and Apple Mac OS X Administrators may consider removing all WebEx software completely from a system using the Meeting Services Removal Tool (for Microsoft Windows users) or the Mac Cisco-WebEx Uninstaller (for Apple Mac OS X users), available at http://support.webex.com/support/downloads.html.
Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail at firstname.lastname@example.org.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM
THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
FIXED SOFTWARE INFORMATION AND LINKS PROVIDED BY SUPPLIERS AND VENDORS ARE FOR REFERENCE ONLY. USERS SHOULD CONTACT THEIR SUPPLIER OR VENDOR FOR UPDATED SOFTWARE.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products
Cisco Multivendor Vulnerability Alerts respond to vulnerabilities identified in third-party vendors' products. These alerts contain information compiled from diverse sources and provide comprehensive technical descriptions, objective analytical assessments, workarounds and practical safeguards, and links to vendor advisories and patches.