October 24, 2014

Cisco updates its WebEx Player to fix four buffer overflow vulnerabilities

(LiveHacking.Com) – Cisco has released a security advisory and software updates to fix four buffer overflow vulnerabilities found in its  WebEx Recording Format (WRF) player. The advisory also covers a buffer overflow vulnerability in the Cisco Advanced Recording Format (ARF) player.  By exploiting these vulnerabilities it is possible, in some cases, for a remote attacker to execute arbitrary code on the targeted system.

The players affected are part of Cisco’s WebEx meeting system and can be used to play back meetings recorded using the WebEx format. To exploit any of the vulnerabilities, the player application must open a specially crafted WRF or ARF file. This could be achived by using social engineering and tricking the user into opening the malicious file directly (for example, by using e-mail or social media). However the vulnerabilities cannot be triggered by users who are attending a WebEx meeting.

A summary of the bugs and the Common Vulnerabilities and Exposures (CVE) identifiers have been released:

  • Cisco WebEx Arbitrary Code Execution Through ARF Files – CVE-2012-3053 – Buffer overflow allows remote attackers to execute arbitrary code via a crafted ARF file.
  • Cisco WebEx Player WRF File Heap Overflow – CVE-2012-3054 – Heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted WRF file.
  • WRF JPEG DHT Chunk Stack Buffer Overflow – CVE-2012-3055 – Stack-based buffer overflow allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file.
  • WRF File Memory Corruption – CVE-2012-3056 – Buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file.
  • WRF File Audio Size Heap Overflow – CVE-2012-3057 – A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file.

The following client builds of Cisco WebEx Business Suite (WBS 27 and WBS 28) are affected by at least one of the vulnerabilities:

  • Client builds 28.0.0 (T28 L10N)
  • Client builds 27.32.1 (T27 LD SP32 CP1) and prior
  • Client builds 27.25.10 (T27 LC SP25 EP10) and prior
  • Client builds 27.21.10 (T27 LB SP21 EP10) and prior
  • Client builds 27.11.26 (T27 L SP11 EP26) and prior

If the players were automatically installed on a PC then they will be automatically upgraded to the latest version when a users tries to access a recording file on the WebEx meeting site. If the WRF or ARF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from http://www.webex.com/play-webex-recording.html.