Cisco WebEx Recording Format Player Information Disclosure Vulnerability

cisco-sa-20180502-webex-id · Medium · Published · Updated


A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id
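The advisory does not say how the check is bypassed. As an added illustration of the bug class it names (a read outside the bounds of a mapped file), the C example below contrasts a bounds check that a crafted offset/length pair can slip past with one that cannot be bypassed that way. It is not Cisco's code and not the WRF format: `struct rec_desc`, the function names, and the choice of 32-bit wraparound as the failure mode are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record descriptor read from an untrusted file header.
 * Illustrative only; this is not the real WRF layout. */
struct rec_desc { uint32_t offset; uint32_t length; };

/* Weak pattern: the sum is formed in 32 bits, so a huge offset plus a
 * small length wraps around and slips under map_len. */
int in_bounds_weak(struct rec_desc d, size_t map_len) {
    return (uint32_t)(d.offset + d.length) <= map_len;
}

/* Hardened pattern: compare by subtraction, so nothing can wrap. */
int in_bounds_checked(struct rec_desc d, size_t map_len) {
    if (d.offset > map_len) return 0;
    return d.length <= map_len - d.offset;
}

/* Copy a record out of the mapping only if it lies wholly inside the
 * mapping and fits the caller's buffer. Returns bytes copied or -1. */
long read_record(const uint8_t *map, size_t map_len, struct rec_desc d,
                 uint8_t *out, size_t out_cap) {
    if (!map || !out) return -1;
    if (!in_bounds_checked(d, map_len)) return -1;
    if (d.length > out_cap) return -1;
    memcpy(out, map + d.offset, d.length);
    return (long)d.length;
}

int main(void) {
    uint8_t map[64] = {0}, out[32];              /* constructed 64-byte "file" */
    struct rec_desc ok = {8, 16};                /* constructed: valid record */
    struct rec_desc wrap = {0xFFFFFFF0u, 0x20u}; /* constructed: sum wraps to 0x10 */
    printf("valid:   weak=%d checked=%d read=%ld\n", in_bounds_weak(ok, sizeof map),
           in_bounds_checked(ok, sizeof map), read_record(map, sizeof map, ok, out, sizeof out));
    printf("wrapped: weak=%d checked=%d read=%ld\n", in_bounds_weak(wrap, sizeof map),
           in_bounds_checked(wrap, sizeof map), read_record(map, sizeof map, wrap, out, sizeof out));
    return 0;
}
```

The same subtraction-style comparison applies to any parser that takes offsets and lengths from file contents and dereferences them inside a mapped region.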

Workarounds

There are no workarounds that address this vulnerability. However, it is possible to remove all Cisco WebEx software completely from a system by using the Meeting Services Removal Tool (for Microsoft Windows) or Mac WebEx Meeting Application Uninstaller (for Apple Mac OS X), both of which are available for download from the Cisco Collaboration Help for Cisco Spark, WebEx, and Jabber article at https://collaborationhelp.cisco.com/article/en-us/WBX000026396.

Removal of the Cisco WebEx software from a Linux or UNIX-based system can be accomplished by following the steps in the Cisco Collaboration Help for Cisco Spark, WebEx, and Jabber article at https://collaborationhelp.cisco.com/article/en-us/WBX28548.

CVEs: CVE-2018-0288
Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142
CVSS Score: Base 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X

Products with public affected evidence