Cisco WebEx Recording Format Player Multiple Vulnerabilities

by Carol~ Moderator - 10/12/12 7:29 AM

In Reply to: VULNERABILITIES / FIXES - October 12, 2012 by Carol~ Moderator

Release Date: 2012-10-11
Last Update: 2012-10-12

Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: WebEx Recording Format Player

Description:
Multiple vulnerabilities have been reported in Cisco WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to cause a buffer overflow via a specially crafted WRF file.

2) An unspecified error can be exploited to cause a buffer overflow via a specially crafted WRF file.

3) An unspecified error can be exploited to cause a buffer overflow via a specially crafted WRF file.

4) An error in the atas32.dll module can be exploited to corrupt memory via a specially crafted WRF file.

5) An unspecified error can be exploited to cause a buffer overflow via a specially crafted WRF file.

6) An unspecified error can be exploited to cause a heap-based buffer overflow via a specially crafted WRF file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in the following versions:
* T28 client builds prior to T28.4 (28.4)
* T27 client builds prior to T27LDSP32EP10 (27.32.10)

Solution:
Update to version 28.4 or 27.32.10.

Provided and/or discovered by:
4) Oren Isacson, Core Security Technologies.

The vendor also credits Beyond Security, Codenomicon, and TELUS.

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex

Core Security Technologies:
http://www.coresecurity.com/content/webex-wrf-memory-corruption-vulnerability

http://secunia.com/advisories/50905