9.3 - cisco-sa-20190123-webex-rce

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJcUgfoXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczru8P/R9ZItJx6Y7kzrTWxS1uYSEjwKYC 8BeToEqR6Hx8a6hwRIzremAPrfimZPcK1nj3xnaKtwCJhFjOlHNlYnrQGGG0M3Ov vTOnsiJbpxb9MMv/VXk2cSd+oy4REhxLte2BzlGijE0VBvcpWK2zEiHPNAYAIQ0f II1yzytDKeX462w7nFMEELPp3xg7nOM+rB3Fjr7KO0Q3JXqQ8i8EthbvDWghSvML vN0CCqs4h2e9JCpsjIqIk0f+cWUsV+FBfeG13jMNqySY4B6i+hEDT6XGfhddkqpe hR8LaVRabdfgq629HXqWku1+gIMUfvzQwod/2AP/aLYkNUwR5rJiYj2ASje9ECvy aIraGjLj1seYB8UqZLmdxHWCXpfF5KVRDPfvEkMQq3yrIpxoelHbG9MUpdrwTZkf 3j3YC3jz1LXv4QdDpQbuwI2Dy8Xuc7/ltTvHXRD9zE2vAarh1qc+QsGQgUIs96HT qPJmVHrDKQW396sSjYbFVUJXlgTIHehy0Qc9fjMhyiUxDUJXBQQHSm0iYAEmw608 kiX/9a2IagUXlMnsVbH2Ompm59y+6osZ5HqP5PO/Bil+Wi9bO2GtorE0wiv7rqdv cP+yP6tsmbzL6cou0oochsb0g86DovijUlOkc/PT4GLBiEHhwWJzzRqVmhiNLvpK wwvwVpzi7oGaznTG =rhd0 END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com