Cisco patches critical WebEx security holes

Cisco WebEx WRF Player vulnerable to six code execution vulnerabilities.

Cisco has released a security fix for at least six security holes that expose users of its WebEx Player software to remote code execution attacks.

The affected Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee.

Here's the skinny from Cisco's advisory:

Multiple buffer overflow vulnerabilities exist in the WRF Player. The vulnerabilities may lead to a crash of the WRF Player application, or in some cases, lead to remote code execution.

To exploit a vulnerability, a malicious WRF file would need to be opened by the WRF Player application. An attacker may be able to accomplish this by providing the malicious WRF file directly to users (for example, via e-mail), or by convincing users to visit a malicious website. The vulnerability cannot be triggered by users attending a WebEx meeting.

For corporate users that rely heavily on WebEx recordings, this should be treated as a high-priority update.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All