Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: WebEx Player Insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Cisco
And, this specific program:
WebEx Recording Format Player

This thread has been marked as locked.
dwaters WebEx Player Insecure
Member 26th Jan, 2010 22:04
Ranking: 0
Posts: 5
User Since: 25th Sep, 2009
System Score: N/A
Location: N/A
Secunia says the WebEx Player version 2.5.49.2 is insecure, and is a serious threat. I cannot find the program in the referenced installation path, in the Control Panel 'Add/Remove Programs', or by doing a Search of my files and folders for WebEx or WebEx Player, even with searching hidden files and folders.

I have never purchased the program, and don't know how it got on my computer. By clicking the Download Solutions Button of Secunia, I am taken to the Cisco Webex website, but find no help there.

Help !

Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 26th Jan, 2010 22:44
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next).


21:43 26/01/2010




















--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
dwaters RE: WebEx Player Insecure
Member 26th Jan, 2010 23:02
Score: 0
Posts: 5
User Since: 25th Sep 2009
System Score: N/A
Location: N/A
Last edited on 26th Jan, 2010 23:02
C:\WINDOWS\Downloaded Program Files\WebEx\500\atas32.dll

That is the path indicated, but there is no WebEx folder or file in the Downloaded Program Files folder.
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 26th Jan, 2010 23:39
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK

REMOVING ACTIVEX
=================
The traditional method to remove ActiveX is:

* * * Windows XP
++++++++++++++++


Launch the command prompt from accessories in the programs list or go to Start>run> and insert CMD in the box that appears.
type: cd c:\windows\downloaded program files
press enter
type: dir
press enter
find the correct file in the list
type: del <name of correct file without these braces>
press enter
type: exit
press enter

* * * Vista
+++++++++++

Open Start/Search
type "Command Prompt" into the search window
A Command Prompt icon will display
Right click on it
select "Run as administrator"
type: cd c:\windows\downloaded program files
press enter
type: dir
press enter
find the correct file in the list
type: del <name of correct file without these braces>
press enter
type: exit
press enter




22:38 26/01/2010























--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 04:44
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
Last edited on 27th Jan, 2010 05:01
I have the same issue. The recommended resolution (download new program from vendor) failed.

After running command prompt I saw no files that I could match with the path.

I did see a DIR WebEX and under that 3 files. They are wlscBase.dll; wlscBase.inf; and wuweb.inf

Should I delete those 3?

Thank you
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 15:35
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK

I think U are trying to clear the WebX Player?

This file - wlscbase.dll is a Windows Live One Care Safety Scanner Base & I suspect the other 2 belong to Windows One Care in that they have reports of false positives on numerous anti malware programmes.

If U do not have Windows One Care installed anymore U can delete them.


To find WebX & other Active X U may wish to dump another way try this:

In PSI click the + sign next to the WEBX vulnerability Secunia has found. Select OPEN FOLDER from the toolbox - the file is in there. Try a RIGHT click & delete.


14:34 27/01/2010




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 15:53
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
Thank you

The message from this attempt is that the folder does not exist.

A rescan still shows the vulnerability present.
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 17:26
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Secunia would not have found it if it did not exist - are U sure it is on the C drive?

FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next).



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 18:03
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
C:\WINDOWS\Downloaded Program Files\WebEx\500\atas32.dll

My hard drive is not partitioned-everything is on C

Clicking on the open folder gives the message that it does not exist.

Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 18:13
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
OK - navigate there.

Right click on Start>select EXPLORE (open windows explorer)Click C>Windows>Downloaded program files

The file U want is in here - try to delete it by right clicking



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 19:44
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
Here's what explorer shows for downloaded program files:

8FFBE65D-2C9...
get atl com
ILINCInstall 102C...
Java Runtime En...
Java Runtime En...
Java Runtime En...
Microsoft Data C...
MUWebControl Cl...
Parallel Graphics...
Shockwave AvtiV...
Shockwave ActiV...
Shockwave Flash...
WUWebControl C...

There's nothing there I can associate with Webex.

A search for atas32.dll finds nothing

The command prompt still has a line stating <DIR> WebEx

A search for WebEx returns nothing.

A rescan of PSI shows the vulnerability still present.

Any more thoughts?

In light of the above I'm tempted to ignore the issue, yet I'm still intrigued that the scan finds something.


Thanks for the input.
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 20:44
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 27th Jan, 2010 20:46
This looks like it

get atl com

what is its properties?

Rename it OLD if U remain unsure - if PSI gives a clear bill opf health just delete it.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 21:05
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
General properties include:

get_atlcom Class
created 12/17/2009 4:37 PM
last accessed 1/27/2010
total size 77,824 btes
status: installed
code base http://platformdl.adobe.com/NOS/getPlusPlus/1.
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 21:15
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Delete it.

It could also be in add/remove as an Adobe Download Manager.

This is total bloatware dross from Adobe via a 3rd party company called NOS.

U do not need it to install any Adobe products.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 21:22
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
DONE

I was hoping-not expecting-that this would clear the PSI issue. It didn't, PSI still says I have Webex Player, the same as at the beginning of this thread.

Thanks for the help.

Any more ideas?
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 21:25
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
This looks like another dead ringer:

Parallel Graphics

Just check its properties.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 22:18
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
General properties

Active X Control

created 11/7/2007 3:00 PM

size 4,087,808 bytes

status installed

code base http://www.parallelgraphics.com/12/bin/cortvml...

23 dependencies
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 22:38
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Have U tried that link? As far as I am concerned it is dead.

What does that programme do? Looks like the vendor is out of business.

If it is not that one the only other 2 that require investigation are:

8FFBE65D-2C9...
ILINCInstall 102C...
provided U have removed this one get atl com


Just check the properties - it will give U a clue.

Post back if still unsure.


21:37 27/01/2010


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 22:56
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
I have removed all 3 of the suspected downloaded program files. No adverse consequences noted yet. Unfortunately the PSI scan is unchanged, reciting the same installation path as before.

I'm out of ideas, do you have any more?
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 23:08
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
PSI can be slow sometimes. Have U rebooted & carried out a full scan?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 27th Jan, 2010 23:22
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
Yes-no change.

TYVM
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 27th Jan, 2010 23:28
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 27th Jan, 2010 23:29
Have another look in the folder.

If I have followed U correctly U should only have these entries?

Java Runtime En...
Java Runtime En...
Java Runtime En...
Microsoft Data C...
MUWebControl Cl...
Shockwave AvtiV...
Shockwave ActiV...
Shockwave Flash...
WUWebControl C...

If that is the case investigate the Shockwave AvtiV entries

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
choisington RE: WebEx Player Insecure
Member 28th Jan, 2010 00:33
Score: 0
Posts: 22
User Since: 31st Oct 2008
System Score: N/A
Location: N/A
Your record of entries is correct.

I have removed the 2 you suggested and uninstalled adobe shockwave player, rebooted and run a registry repair tool.

Results: PSI still detects the unpatched WebEx player as described at the beginning of this thread.

I don't know what it is detecting but don't think it in windows downloaded program files.

I installed the new WebEx plaayer PSI suggested as the preferred resolution of the issue. Again, no success.
Was this reply relevant?
+0
-0
Maurice Joyce RE: WebEx Player Insecure
Handling Contributor 29th Jan, 2010 12:02
Score: 11726
Posts: 8,970
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Believe me it is there.

Try looking at the properties of the Adobe Flash entry.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
ComplyAnt RE: WebEx Player Insecure
Member 10th Feb, 2010 10:02
Score: 0
Posts: 2
User Since: 10th Feb 2010
System Score: N/A
Location: UK
I had the same problem - WebEx was not showing in Control Panel. However Kaspersky was more helpful in providing a file path.

Under C:\Users\All Users\WebEx I found a set of files including atcliun.exe
atgpcdec.dll
atgpcext.dll
atmgr.exe

Now I believe you have already searched your computer for files called Webex? If so, you may want to try searching for the above file names or similar ones.

atcliun.exe is the uninstall program for the web client of webex.





--
Better safe than sorry
Was this reply relevant?
+0
-0
YahsXP RE: WebEx Player Insecure
Member 14th Feb, 2010 12:52
Score: 0
Posts: 1
User Since: 8th Jan 2010
System Score: N/A
Location: N/A
Hello, I have the same problem... It comes with the software from Cisco for the Linksys Wireless modem. PSI sent me to this site... http://www.webex.com/downloadplayer.html I don't know which player to download or should I just delete webex all together. Thanks
Was this reply relevant?
+0
-0
Anthony Wells RE: WebEx Player Insecure
Expert Contributor 14th Feb, 2010 13:25
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 14th Feb, 2010 13:26
@yahsxp

There is more info here :-

http://secunia.com/community/forum/thread/show/341...

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability