|
|
|
|
| |
Credit:
The information has been provided by Federico Muttis, Sebasti n Tello and Manuel Muradas.
The original article can be found at: http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities
|
| |
Vulnerable Systems:
* Contact Cisco for a list of vulnerable versions.
There are stack overflows on WebEx that can be exploited by sending maliciously crafted .atp and .wrf files to a vulnerable WebEx user. When opened, these files trigger a reliably exploitable stack based buffer overflow. Code execution is trivially achieved on the .wrf case because WebEx Player allocates a function pointer on the stack that is periodically used in what seems to be a callback mechanism, and also because DEP and ASLR are not enabled. In the .atp case an exception handler can be overwritten on the stack, and most registers can be trivially overwritten.
Patch Availability:
A non-vulnerable version of WebEx Player should be available at: http://www.webex.com/downloadplayer.html
CVE Information:
CVE-2010-3269
CVE-2010-3270
Disclosure Timeline:
Date published: 2011-01-31
Date of last update: 2011-01-31
|
|
|
|
|
