
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

cisco-sa-20130904-webex · Critical · Published · Updated

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to crash an affected player, and in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user.

The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities.

Cisco has released software updates that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130904-webex


Workarounds

While there are no workarounds for the vulnerabilities detailed in this advisory, it is possible to remove all WebEx software completely from a system using the Meeting Services Removal Tool (for Microsoft Windows users) or Mac Cisco-WebEx Uninstaller (for Apple Mac OS X users) available at http://support.webex.com/support/downloads.html.

Removal of WebEx software from a Linux or UNIX-based system can be accomplished by following the steps in the WebEx knowledge base help article at the following link: https://support.webex.com/MyAccountWeb/knowledgeBase.do?root=Tools&parent=Knowledge&articleId=WBX28548&txtSearchQuery=uninstall%20linux#

CVEs: CVE-2013-1115, CVE-2013-1116, CVE-2013-1117, CVE-2013-1118, CVE-2013-1119
Cisco Bug IDs: CSCub28371, CSCub28383, CSCuc24503, CSCuc27639, CSCuc27645, CSCud23401, CSCud31109, CSCue74118, CSCue74147
CVSS Score: Base 9.3
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Base 7.9 AV:N/AC:M/Au:M/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Product Names From Source: Cisco WebEx WRF Player, Cisco WebEx ARF Player, Cisco WebEx Meetings Server

Related Products

Product | CVE | Evidence
Cisco Webex Meetings | CVE-2013-1119 | Cisco OpenVuln
Cisco Webex Meetings | CVE-2013-1118 | Cisco OpenVuln
Cisco Webex Meetings | CVE-2013-1117 | Cisco OpenVuln
Cisco Webex Meetings | CVE-2013-1116 | Cisco OpenVuln
Cisco Webex Meetings | CVE-2013-1115 | Cisco OpenVuln
Cisco WebEx WRF Player | CVE-2013-1119 | Cisco OpenVuln
Cisco WebEx WRF Player | CVE-2013-1118 | Cisco OpenVuln
Cisco WebEx WRF Player | CVE-2013-1117 | Cisco OpenVuln
Cisco WebEx WRF Player | CVE-2013-1116 | Cisco OpenVuln
Cisco WebEx WRF Player | CVE-2013-1115 | Cisco OpenVuln
Cisco WebEx Meetings Server | CVE-2013-1119 | Cisco OpenVuln
Cisco WebEx Meetings Server | CVE-2013-1118 | Cisco OpenVuln
Cisco WebEx Meetings Server | CVE-2013-1117 | Cisco OpenVuln
Cisco WebEx Meetings Server | CVE-2013-1116 | Cisco OpenVuln
Cisco WebEx Meetings Server | CVE-2013-1115 | Cisco OpenVuln
Cisco WebEx ARF Player | CVE-2013-1119 | Cisco OpenVuln
Cisco WebEx ARF Player | CVE-2013-1118 | Cisco OpenVuln
Cisco WebEx ARF Player | CVE-2013-1117 | Cisco OpenVuln
Cisco WebEx ARF Player | CVE-2013-1116 | Cisco OpenVuln
Cisco WebEx ARF Player | CVE-2013-1115 | Cisco OpenVuln