-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0050 Title: Buffer Overflow Vulnerabilities in the Cisco WebEx Player [1] Version history: 10.04.2012 Initial publication Summary ======= The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. Successful exploitation of the vulnerabilities could cause the Cisco WRF player application to crash and, in some cases, allow a remote attacker to execute arbitrary code on the system with the privileges of the user who is running the WRF player application. CVE-2012-1335 CVE-2012-1336 CVE-2012-1337 CVSS v2 Base Score:9.3 (CRITICAL) (AV:N/AC:M/Au:N/C:C/I:C/A:C) [5] Vulnerable systems ================== Client builds 27.32.0 (T27 LD SP32) and prior Client builds 27.25.9 (T27 LC SP25 EP9) and prior Client builds 27.21.10 (T27 LB SP21 EP10) and prior Client builds 27.11.26 (T27 L SP11 EP26) and prior To determine the WebEx client build, users can log in to their Cisco WebEx meeting site and navigate to the Support > Downloads section. The version of the WebEx client build will be displayed on the right side of the page. Cisco WebEx software updates are cumulative in client builds. For example, if client build 27.32.10 is fixed, build 27.32.11 will also contain the software update. Cisco WebEx site administrators have access to secondary version nomenclature, such as T27 SP25 EP10. Such an example indicates that the server is running client build 27.25.10. Original Details ================ The WebEx meeting service is a hosted multimedia conferencing solution that is managed and maintained by Cisco WebEx. The WRF file format is used to store WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players are applications that are used to play back and edit recording files, which use the .wrf extension. The WRF players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site (for stream playback mode). The WRF player can also be manually installed after downloading the application from http://www.webex.com/play-webex-recording.html to play back recording files locally (for offline playback mode). Exploitation of the vulnerabilities may cause the player application to crash or, in some cases, result in remote code execution. To exploit one of these vulnerabilities, the player application must open a malicious WRF file. An attacker may be able to accomplish this exploit by providing the malicious recording file directly to users (for example, by using e-mail) or by directing a user to a malicious web page. The vulnerabilities cannot be triggered by users who are attending a WebEx meeting. What can you do? ================ Fix is available [1]. What to tell your users? ======================== N/A More information ================ [1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1335 [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1336 [4] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1337 [5] Information about CVSS: http://www.first.org/cvss/cvss-guide.html Best regards, CERT-EU CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 (DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source . Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPhCb8AAoJEPpzpNLI8SVo1b0QAJ7TN5/mKizFo5AT8yb0rp+u 2EPhKacKIYEYnDgrPT3lF9Hjrp2KC/20JGctCqmtzOOQCKjw6T7lqgkrA5TVvMBs 1Qp9m8OwEvFFfGC9dMDuBTvqoVmEBc+mPsnZi8gRcmMnW3Lxm3PIt/hJ33dS4PXe BIJV1oRUglQmEoAjfSKZeKMskxcqH6Wls0MUSmboEwf63gTp/zdUPBhif0vQgFzv QVTrgcWOx/O5budzza2NCXUtm4kvWUFIlcmJZ8GFbIVlhroy3vRO71aNDF9YYyHA cadB24Iyp7pDPoMTujqkvzy93KOt82McpMByFy3vcbIogd7PE+392KwbLDlwTFtg 5WbjpVxEgG++IrhUG1BE1wSuGk+X2GIGzwTTk9lSI4IQnAMWVhjtDwtRwNBF2Rft 8Gf+v6WSAI8TxQ3gnSiIxEaVe3eyKOY6U9ayGNKVlD3o7lTmBaP27ndPkLWxXDh5 uWezNS95SMU3d6nLSD7xfEpSdsZH3qGFD2BPPGJ93McaGv0SrG+wppTT2nlj09nA 4s90M3aUZAsJpD+5Hqz7VRvOKgb0viZ8zTB/CNRh5RJ8IFLrobFFMScSIB3Sy7qK sm8qD5miPd8fiG4eAvOPk1aPY8+aB36x2h1KPLLNvnZFQJYONTI9LtFdoIUDGgD3 +pLFsNsh6Menha+TFog7 =UhbC -----END PGP SIGNATURE-----