ESB-2014.0696 - [Win][OSX] Cisco WebEx Players: Multiple vulnerabilities

Date: 09 May 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0696
       Multiple Vulnerabilities in the Cisco WebEx Recording Format
                   and Advanced Recording Format Players
                                9 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco WebEx Players
Publisher:         Cisco Systems
Operating System:  Windows
                   OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-2136 CVE-2014-2135 CVE-2014-2134
                   CVE-2014-2133 CVE-2014-2132 

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Advisory ID: cisco-sa-20140507-webex

Revision 1.0

For Public Release 2014 May 7 16:00  UTC (GMT)

Summary
=======

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user.

The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----