Cisco patches critical WebEx security holes

Cisco WebEx WRF Player vulnerable to six code execution vulnerabilities.
Written by Ryan Naraine, Contributor on

Cisco has released a security fix for at least six security holes that expose users of its WebEx Player software to remote code execution attacks.

The affected Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee.

Here's the skinny from Cisco's advisory:

Multiple buffer overflow vulnerabilities exist in the WRF Player. The vulnerabilities may lead to a crash of the WRF Player application, or in some cases, lead to remote code execution.

To exploit a vulnerability, a malicious WRF file would need to be opened by the WRF Player application. An attacker may be able to accomplish this by providing the malicious WRF file directly to users (for example, via e-mail), or by convincing users to visit a malicious website. The vulnerability cannot be triggered by users attending a WebEx meeting.

For corporate users that rely heavily on WebEx recordings, this should be treated as a high-priority update.

Editorial standards