what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Cisco Security Advisory 20110201-webex

Cisco Security Advisory 20110201-webex
Posted Feb 2, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The player can also be manually installed for offline playback after downloading the application from www.webex.com. If the WebEx recording player was automatically installed, it will be automatically upgraded to the latest, non-vulnerable version when users access a recording file that is hosted on a WebEx server. If the WebEx recording player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | cisco
advisories | CVE-2010-3041, CVE-2010-3042, CVE-2010-3043, CVE-2010-3044, CVE-2010-3269
SHA-256 | b683e91ff48b26c27a3a43efd012c8c476d5f02bdea7b32585bd0c448f52fcac

Cisco Security Advisory 20110201-webex

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

Advisory ID: cisco-sa-20110201-webex

Revision 1.0

For Public Release 2011 February 1 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx
Recording Format (WRF) and Advanced Recording Format (ARF) Players.
In some cases, exploitation of the vulnerabilities could allow a
remote attacker to execute arbitrary code on the system of a targeted
user.

The Cisco WebEx Players are applications that are used to play back
WebEx meeting recordings that have been recorded on the computer of
an on-line meeting attendee. The players can be automatically
installed when the user accesses a recording file that is hosted on a
WebEx server. The player can also be manually installed for offline
playback after downloading the application from www.webex.com

If the WebEx recording player was automatically installed, it will be
automatically upgraded to the latest, non-vulnerable version when
users access a recording file that is hosted on a WebEx server. If
the WebEx recording player was manually installed, users will need to
manually install a new version of the player after downloading the
latest version from www.webex.com

Cisco has released free software updates that address these
vulnerabilities.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml.

Affected Products
=================

Vulnerable Products
+------------------

The vulnerabilities disclosed in this advisory affect the Cisco WebEx
recording players. Microsoft Windows, Apple Mac OS X, and Linux
versions of the player are all affected. Affected versions of the
players are those prior to client builds T27LC SP22 and T27LB SP21
EP3. Customers who have contractual agreements that prevent WebEx
from automatically upgrading a recording player to the latest version
should contact their account manager to determine upgrade options.

To determine whether a Cisco WebEx server is running an affected
version of the WebEx client build, users can log in to their Cisco
WebEx server and go to the Support > Downloads section. The version
of the WebEx client build will be displayed on the right side of the
page under "About Support Center." See "Software Versions and Fixes"
for details.

Cisco recommends that users upgrade to the most current version of
the player that is available from www.webex.com/downloadplayer.html


Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by these
vulnerabilities.

Details
=======

The WebEx meeting service is a hosted multimedia conferencing
solution that is managed and maintained by Cisco WebEx. The WRF and
ARF file formats are used to store WebEx meeting recordings that have
been recorded on the computer of an on-line meeting attendee. The
players are applications that are used to play back and edit
recording files (files with .wrf and .arf extensions). The recording
players can be automatically installed when the user accesses a
recording file that is hosted on a WebEx server (for stream playback
mode). The recording players can also be manually installed after
downloading the application from www.webex.com/downloadplayer.html
to play back recording files locally (for offline
playback mode).

Multiple buffer overflow vulnerabilities exist in the WRF and ARF
players. The vulnerabilities may lead to a crash of the player
application or, in some cases, remote code execution could occur.

To exploit one of these vulnerabilities, the player application would
need to open a malicious WRF or ARF file. An attacker may be able to
accomplish this exploit by providing the malicious recording file
directly to users (for example, by using e-mail) or by directing a
user to a malicious web page. The vulnerability cannot be triggered
by users who are attending a WebEx meeting.

These vulnerabilities have been assigned the following Common
Vulnerabilities and Exposures (CVE) identifiers:

* CVE-2010-3269
* CVE-2010-3041
* CVE-2010-3042
* CVE-2010-3043
* CVE-2010-3044

Vulnerability Scoring Details

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html


Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

* Multiple Cisco WebEx Player Buffer Overflow Vulnerabilities

CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete

CVSS Temporal Score - 7.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed


Impact
======

Successful exploitation of the vulnerabilities described in this
document could result in a crash of the Cisco WebEx ARF Player or WRF
Player application and, in some cases, allow a remote attacker to
execute arbitrary code on the system with the privileges of the user
who is running the recording player application.

Software Versions and Fixes
===========================

When considering software upgrades, also consult http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a
complete upgrade solution.

These vulnerabilities are first fixed in T27LC SP22 and T27LB SP21
EP3. For customers who are running T27LC SP22, the client build will
be represented as 27.22SP.0.9253. The fix for customers who are
running T27LB SP21 will be deployed by WebEx over the next few weeks.
The client build will be determined after the software is deployed.

The client build is listed in the Support > Downloads section of the
WebEx page after a user authenticates. WebEx bug fixes are cumulative
in a major release. For example, if release 27.22SP.0 is fixed,
release 27.22SP.1 will also have the software fix.

If a recording player was automatically installed, it will be
automatically upgraded to the latest, nonvulnerable version when
users access a recording file that is hosted on a WebEx server.

If a WebEx recording player was manually installed, users will need
to manually install a new version of the player after downloading the
latest version from www.webex.com/downloadplayer.html

Workarounds
===========

There are no workarounds for the vulnerabilities disclosed in this
advisory.

Obtaining Fixed Software
========================

Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.

Exploitation and Public Announcements
=====================================

The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.

These vulnerabilities were either found during internal testing or
reported to Cisco by a variety of sources, including Core Security,
TippingPoint, and Fortinet's FortiGuard Labs.

Cisco would like to thank these organizations for reporting these
vulnerabilities.

Status of this Notice: FINAL
============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.

Distribution
============

This advisory is posted on Cisco's worldwide website at :

http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml

In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.

* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.

Revision History
================

+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2011-Feb-01 | public |
| | | release. |
+---------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at
http://www.cisco.com/go/psirt.

+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)

iF4EAREIAAYFAk1IQjoACgkQQXnnBKKRMNCpdQEAg/vWtP38VKH2ZDeL9QMQfx6E
M8nIZdeL2XGonJpT60IA/0APzTbZPE+9rWTi1Z0lJqIgCjHls3jo+sGQWSPvxxkS
=Ur/Y
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close