Serious holes in Cisco WebEx player patched
Cisco has published an advisory concerning four buffer overflows in the Cisco WebEx player and one buffer overflow in the Cisco Advanced Format player running on Windows, Mac OS X and Linux. According to Cisco, the vulnerabilities could allow an attacker to execute code on a system. The players are used to play back WebEx meeting recordings and are automatically installed when required by WebEx meetings. The problem exists in WebEx Business Suite with client builds 28.0.0, 27.32.1 (and earlier), 27.25.10 (and earlier), 27.21.10 (and earlier) and 27.11.26 (and earlier)
Exploiting the applications requires the playback of a maliciously constructed recording file which can either be delivered by email or by getting the user to visit a malicious web page; the vulnerabilities are not exploitable within a WebEx meeting. Where Cisco WebEx clients have been automatically installed, the company says they will be automatically updated. Customers who do not receive automatic updates can get updated players for Windows and Mac OS X from the Get WebEx Player page. Other versions and updates require contacting Cisco support.