—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
Advisory ID: cisco-sa-20171129-webex-players
Revision: 1.0
For Public Release: 2017 November 29 16:00 GMT
Last Updated: 2017 November 29 16:00 GMT
CVE ID(s): CVE-2017-12367, CVE-2017-12368, CVE-2017-12369, CVE-2017-12370, CVE-2017-12371, CVE-2017-12372
CVSS Score v(3): 9.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
+———————————————————————
Summary
=======
Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user.
The Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.
Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF and WRF Players to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players”]
—–BEGIN PGP SIGNATURE—–
iQKBBAEBAgBrBQJaHtsAZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHn33RAA5gSdXEdl4tdX5q0n
jZWO7SJlp45+9Z03XQA5VIRMKDkH7gZwOAnUsxWkd2g+qqpVz/+2qBThytISN36h
rCAN3IxtZLsGmEZnj1Uh9kofsf/etE610wFmUtK+tJo+Sjbo7wbGHFce4QyAALus
4bS34zzzOS88I7XQPSNy1CFwYRoStRJ0f3QZRjNVyHguXgrSJVVROXKkLliTkXZK
ymJ5xFVXxjksHNo/r5i0r5egu6654ciljrsS5hgxo4c5A765kVllNR65TBPfB+xL
c8GTWAh2z1k7AdoWqM9svJC31J8EfCnbbpy2Ty/R5dqu5ZCSdFcJOy2E+6NFJXFn
w8pn/fJ/lz0tCsH9zVUKnb7czr+E/XGjZxMDlbrj2ZJdwADSS4FuzelzCuEI/lW0
CtpnVuyaqO1306O2Sghe3dlHuiAPzkDYcf3yesRgaQQf2xX3c9tLj97S7EX6kt7W
5Z8ElYUrNJ5EWz+VHmVqLnfDeUVQRFY51o1UPbeD4Mj4Nwk9vTvDSl0ia9CzElBI
iqSiHw5a693k2+S1rxMM6pj4WXLvCPHGvG6EM0zIROykw8qIMaOXdW6Hkl91sIec
aVrU9SaMHxyBwgnWTUK1uaklcWMu502cRlDxHIdKdWMmzTU36ybyIL6Te0eah25Y
R9xgA9mnyHkpTBlJsQZIZId1sas=
=XF0Z
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com