Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: WebEx Player Insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Cisco
And, this specific program:
WebEx Recording Format Player

This thread has been marked as locked.
RayOK01 WebEx Player Insecure
Member 12th Jul, 2012 17:51
Ranking: 0
Posts: 6
User Since: 12th Jul, 2012
System Score: N/A
Location: US
There doesn't appear to be a clear path or clear instructions to an automatic update patch in the PSI procedure or the Cisco website. Please advise what needs to be done to update to new version 28.100.12.113.

Do the two instances of the inscure program need to be uninstalled? Which Cisco programs need to be installed -- for .ARF or .WRF? Where are they located?

Have not been able to find the patch solution.

Path to current programs:
C:\Program Files (x86)\WebEx\Record Playback\atasanot.exe
C:\ProgramData\WebEx\WebEX\1132\atasanot.exe

ddmarshall RE: WebEx Player Insecure
Dedicated Contributor 12th Jul, 2012 21:00
Score: 1208
Posts: 960
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Does this help?
http://tools.cisco.com/security/center/content/Cis...
http://www.webex.com/play-webex-recording.html

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
RayOK01 RE: WebEx Player Insecure
Member 12th Jul, 2012 21:47
Score: 0
Posts: 6
User Since: 12th Jul 2012
System Score: N/A
Location: US
TY. I understand now that there is no automatic install and that I must manually uninstall the old version of the program and then manually install the new version from the CISCO website. Do I install both -- .ARF file and .WRF file?
Was this reply relevant?
+0
-0
ddmarshall RE: WebEx Player Insecure
Dedicated Contributor 12th Jul, 2012 22:39
Score: 1208
Posts: 960
User Since: 8th Nov 2008
System Score: 98%
Location: UK
You download the player which corresponds to the WebEx files that you have downloaded. They have either an .arf or .wrf extension. If you do not have any WebEx files at the moment, you can just uninstall any players that you see in Programs and Features and reinstall the appropriate player the next time you download a WebEx recording.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
RayOK01 RE: WebEx Player Insecure
Member 13th Jul, 2012 23:56
Score: 0
Posts: 6
User Since: 12th Jul 2012
System Score: N/A
Location: US
Thank you very much. That was the answer I hoped for. I've never used Webex and don't anticipate using it in the future, I will unstall both instances. I don't think it is a standard Windows 7 install. How would I have gotten it?

I apprecite your taking the time to explain so clearly.
Was this reply relevant?
+0
-0
ddmarshall RE: WebEx Player Insecure
Dedicated Contributor 14th Jul, 2012 13:09
Score: 1208
Posts: 960
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It's not really a home user type product. Check here for anything that you might use:
http://www.webex.com/why-webex/overview.html

WebEx also produce PCNow. I don't know if that would include the WebEx players.

If you did not install yourself, it may have come along with something else. I've never noticed it being pre-installed by an OEM.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
RayOK01 RE: WebEx Player Insecure
Member 16th Jul, 2012 14:44
Score: 0
Posts: 6
User Since: 12th Jul 2012
System Score: N/A
Location: US
Thank you.
Was this reply relevant?
+0
-0
ddmarshall RE: WebEx Player Insecure
Dedicated Contributor 16th Jul, 2012 17:15
Score: 1208
Posts: 960
User Since: 8th Nov 2008
System Score: 98%
Location: UK
By coincidence, I was looking up some information on ASUS laptops when I noticed some include a Video Conferencing application called Virtual Camera. This could be a rebranded WebEx but I've not had my hands on an ASUS laptop to confirm it.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
RayOK01 RE: WebEx Player Insecure
Member 16th Jul, 2012 18:46
Score: 0
Posts: 6
User Since: 12th Jul 2012
System Score: N/A
Location: US
Not something I would use either. Since I got my W7/Dell 9100 Desktop a few years ago, I have done no video conferencing, nor do I remember that it was part of the software feature list.

I have successfully uninstalled both instances of WebEx etc. and rebooted and am missing no computer functionality. Time will tell if some other computer feature will burp w/o WebEx, but for now, I've closed the security hole and all is well.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability