Info

Disclosure

Apr 04, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 04, 2012

Description

Cisco WebEx Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted WRF file, a context-dependent attacker can potentially execute arbitrary code.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 27.25.10 (T27 LC SP25 EP10) or 27.32.1 (T27 LD SP32 CP1) or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	WebEx Player	27.11.26 (T27 L SP11 EP26)
		27.21.10 (T27 LB SP21 EP10)
		27.25.9 (T27 LC SP25 EP9)
		27.32.0 (T27 LD SP32)

References

Security Tracker: 1026888
CVE ID: 2012-1337 (see also: NVD)
Secunia Advisory ID: 47023
Related OSVDB ID: 81104 81105
Packet Storm: http://packetstormsecurity.org/files/111595/Cisco-Security-Advisory-20120404-webex.html
Vendor Specific Advisory URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex
Vendor URL: http://www.cisco.com/en/US/hmpgs/index.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/81106

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

WebEx Player

References

Credit