Executive Summary

Title Multiple Vulnerabilities in the Cisco WebEx Recording Format Player
Name cisco-sa-20121010-webex First vendor Publication 2012-10-10
Vendor Cisco Last vendor Modification 2012-10-10
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


The Cisco WebEx Recording Format (WRF) player contains six buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.

The Cisco WebEx WRF Player is an application used to play back WRF WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The Cisco WebEx WRF Player can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The Cisco WebEx WRF Player can also be manually installed for offline playback after downloading the application from: http://www.webex.com/play-webex-recording.html.

If the Cisco WebEx WRF Player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the Cisco WebEx WRF Player was manually installed, users will need to manually install a new version of the Cisco WebEx WRF Player after downloading the latest version from: http://www.webex.com/play-webex-recording.html.

Cisco has updated affected versions of the WebEx meeting sites and Cisco WebEx WRF Player to address these vulnerabilities.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlB1h6AACgkQUddfH3/BbTrjWAD/Xo3bSaXFymHXWKgoGNJQTRcp MFilgSgS+0Hp09ncDC0A/R+0E3BmJFwMukJw6IPAQkp+AjYus1naLVDcQMjh7svJ =tuKg END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Application 5

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-10-18 IAVM : 2012-B-0105 - Multiple Vulnerabilities in Cisco WebEx WRF Player
Severity : Category II - VMSKEY : V0034341

Snort® IPS/IDS

Date Description
2014-01-10 Cisco WebEx WRF memory corruption attempt
RuleID : 25304 - Revision : 8 - Type : FILE-OTHER
2014-01-10 Cisco WebEx WRF memory corruption attempt
RuleID : 25303 - Revision : 8 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

Date Description
2012-10-26 Name : The video player installed on the remote Windows host has multiple buffer ove...
File : cisco-sa-20121010-webex_wrf.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 10:22:06
  • Multiple Updates
2013-11-11 12:37:31
  • Multiple Updates
2013-02-06 19:08:02
  • Multiple Updates