Vulnerable Systems:
* Cisco WebEx (Windows) 27.10 and prior
The Cisco WebEx Recording Format (WRF) player contains multiple buffer overflow vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerabilities are due to multiple buffer overflows in the Cisco WRF player. An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a user to view a malicious WRF file. If successful, the attacker could cause the application to crash, resulting in a DoS condition. In some cases, the attacker could execute arbitrary code on a system with the privileges of the targeted user, which may result in a complete system compromise if the user holds elevated privileges.
Cisco has confirmed these vulnerabilities in a security advisory and released updated software.