Credit:
The original article can be found at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex
The information has been provided by Beyond Security, Core Security, Codenomicon, and TELUS.
Vulnerable Systems:
* Cisco WebEx (Windows) 27.10 and Prior
The Cisco WebEx Recording Format (WRF) player contains multiple buffer overflow vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerabilities are due to multiple buffer overflows in the Cisco WRF player. An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a user to view a malicious WRF file. If successful, the attacker could cause the application to crash, resulting in a DoS condition. In some cases, the attacker could execute arbitrary code on a system with the privileges of the targeted user, which may result in a complete system compromise if the user holds elevated privileges.
Cisco has confirmed these vulnerabilities in a security advisory and released updated software.
CVE Information:
CVE-2012-3941
Disclosure Timeline:
Initial public release 2012-October-10