Cisco patches critical WebEx security holes

Cisco patches critical WebEx security holes

Summary: Cisco WebEx WRF Player vulnerable to six code execution vulnerabilities.

SHARE:
TOPICS: Cisco, Security
4

Cisco has released a security fix for at least six security holes that expose users of its WebEx Player software to remote code execution attacks.

The affected Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee.

Here's the skinny from Cisco's advisory:

Multiple buffer overflow vulnerabilities exist in the WRF Player. The vulnerabilities may lead to a crash of the WRF Player application, or in some cases, lead to remote code execution.

To exploit a vulnerability, a malicious WRF file would need to be opened by the WRF Player application. An attacker may be able to accomplish this by providing the malicious WRF file directly to users (for example, via e-mail), or by convincing users to visit a malicious website. The vulnerability cannot be triggered by users attending a WebEx meeting.

For corporate users that rely heavily on WebEx recordings, this should be treated as a high-priority update.

Topics: Cisco, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Wow

    Even Cisco? I thought at least [i]they[/i] didn't
    make screwups like this. Sheesh. :(
    AzuMao
  • RE: Cisco patches critical WebEx security holes

    Does this mean that the WebEx Meeting Manager is vulnerable? OR is the WRF Player a standalone app?
    ST8ofPaniC@...
    • Just the software that plays them back.

      [b] [/b]
      AzuMao
  • RE: Cisco patches critical WebEx security holes

    Great!!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">sesli sohbet</a> <a href="http://www.yuregininsesi.com">sesli chat</a>
    efsane