Executive Summary

Title Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities
Name cisco-sa-20170621-wnrp First vendor Publication 2017-06-21
Vendor Cisco Last vendor Modification 2017-06-21
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user.

The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp"]


iQKBBAEBAgBrBQJZSprGZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHl3jQ/+KuPJz5wXVshtjdp/ bVUWAVBJtUpBdHYrSH4tRlx57ExQ0ej2tA2yW6zUu9OXLdNCH/gCTSJcDC9yM1Ra x51Wsrf9cP63SkPnbnPD/lxaIlNh7wjkTvDUnO/W3qmeQpz71/jaywh+Z3ImaPP3 dYzMV8PP5MWMSPTx3gogwmCIPkVX9RDdXh/50plK7DuWIAMbKqwqUTSxhBIZk4y9 BEvx7Zp22R4NiMPfFYC+t18OYSOjvCXCSuWl2TNdFSqnI//rG769Ly7nt2kivTcc 0bXAXM2bk+adedkMua9O+7WEF25ujWB3jyzyF6m9FbqIvui81SsG7BZJhuzaUA0e r7RZBfhyEXXPgAML83LUXmL9kpSapIUBcwmM8RbYHEEPEx6NV1roaCbvzPDEctvS xr3qTRYtSoLYzaKgzdnDjCyzUlceFBOnsJRVyLoapTxEpy68ZYl2RitA6oWDLEwW 4SZ8QP4VbZDZ+8m10IfxskHlM/c/fR/ohL5Uc+Hw8IUyDqAi/SVUHll14MYdqIIe q1lDvznTagl9U1iSYH0+1TxbXQHW8a7B7Pq0bqPRe0FqSQyzM7Zl5jF/QN+CBrWo qkIA7ChdWC5W/IQsV+QN6M+9Dc59XvRpZ91ZnXEU2jVg0630QNBrN73U3Nd+bann 5CXZ/guEWgR2BVSql06UQDr4Rq8= =7soC END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Application 1

Nessus® Vulnerability Scanner

Date Description
2017-07-07 Name : The video player installed on the remote Windows host is affected by a remote...
File : cisco-sa-20170621-wnrp.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2017-07-08 13:24:44
  • Multiple Updates
2017-07-03 17:24:25
  • Multiple Updates
2017-06-26 13:25:38
  • Multiple Updates
2017-06-21 21:22:00
  • First insertion