| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jun 2012 11:38:25 -0400 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: full-disclosure@...ts.grok.org.uk Cc: psirt@...co.com Subject: Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Advisory ID: cisco-sa-20120627-webex Revision 1.0 For Public Release 2012 June 27 16:00 UTC (GMT) +-------------------------------------------------------------------- Summary ======= The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from http://www.webex.com/play-webex-recording.html. If the WRF or ARF players were automatically installed, they will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF or ARF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from http://www.webex.com/play-webex-recording.html. Cisco has updated affected versions of the WebEx meeting sites and WRF and ARF players to address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120627-webex -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk/rJEUACgkQUddfH3/BbTq0xwD5AcfRxNUZIGqkAH2Ly2/F2gm1 dNWaKy1hIfBIkk4oFVwA/1nlXcK77u6J/kNERLpg04SFvNh7HSYY2A7XU6BLeCy+ =eBKD -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists