Core Security Technologies Advisory - There are stack overflows on WebEx that can be exploited by sending maliciously crafted .atp and .wrf files to a vulnerable WebEx user. When opened, these files trigger a reliably exploitable stack based buffer overflow. Code execution is trivially achieved on the .wrf case because WebEx Player allocates a function pointer on the stack that is periodically used in what seems to be a callback mechanism, and also because DEP and ASLR are not enabled. In the .atp case an exception handler can be overwritten on the stack, and most registers can be trivially overwritten.
352f1691497ff70b83f9039f8094fb6c41b1beb68e1b341fbc1f1722864dc8d2