In association with heise online

02 July 2012, 10:09

Serious holes in Cisco WebEx player patched

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco WebEx Cisco has published an advisory concerning four buffer overflows in the Cisco WebEx player and one buffer overflow in the Cisco Advanced Format player running on Windows, Mac OS X and Linux. According to Cisco, the vulnerabilities could allow an attacker to execute code on a system. The players are used to play back WebEx meeting recordings and are automatically installed when required by WebEx meetings. The problem exists in WebEx Business Suite with client builds 28.0.0, 27.32.1 (and earlier), 27.25.10 (and earlier), 27.21.10 (and earlier) and 27.11.26 (and earlier)

Exploiting the applications requires the playback of a maliciously constructed recording file which can either be delivered by email or by getting the user to visit a malicious web page; the vulnerabilities are not exploitable within a WebEx meeting. Where Cisco WebEx clients have been automatically installed, the company says they will be automatically updated. Customers who do not receive automatic updates can get updated players for Windows and Mac OS X from the Get WebEx Player page. Other versions and updates require contacting Cisco support.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit