
Forum Thread: WebEx Player not Secure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Cisco
And, this specific program:
WebEx Recording Format Player

This thread has been marked as locked.
rougena WebEx Player not Secure
Member 30th Jan, 2010 11:49
Ranking: 2
Posts: 20
User Since: 13th Jan, 2009
System Score: N/A
Location: N/A
Dear All,

The most recent PSI Scan popped-up the WebEx Player as being no longer secure.

A quick check I performed on my installation history (courtesy of Ashampoo's excellent UnInstaller suite) showed that the WebEx Player was added to my "arsenal" as part of the installation of PureNetworks' (nowadays Cisco) Network Magic.

The Download Solution offered by PSI brings one to < http://www.webex.com/downloadplayer.html >, a Cisco page (surprise, surprise!) that asks the visitor to CHOOSE which Player [s]he needs: the ARF or the WRF!

Now here's the question: how exactly is the User supposed to know which of the two Players was installed, without her/his intervention, by Cisco's Installer for Network Magic, in order to make the right choice (and not mistakenly render the main application, Network Magic, non-functional)?
Also, if PSI detected already a module that is not up-to-date (atas32.dll) that belongs to the said WebEx application, why not point directly to the correct Player (ARF/WRF) that this module belongs to (assuming that it does not belong to both ...)?
Finally, if atas32.dll is a COMMON module of both Players, why not check the version on modules that are specific to each, and then direct the User to the correct download?

Any operative input may help.

Thanks in advance for your attention to this matter,

Sincerely,

Rougena N.-T.

thedillpickl RE: WebEx Player not Secure
Contributor 31st Jan, 2010 01:15
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi rougena;

Kind of sounds like Cisco is the one to ask. Perhaps there is support for Network Magic.

PSI's pointing out the WebEx Player as insecure & has provided certain info to help. If Cisco's download site is not clear, then what???

I do hope someone familiar with this will jump in.


regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 31st Jan, 2010 07:48
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hello Fred,

Thanks for the insight.

Indeed, clearer info at Cisco's site might be helpful, but -- as I stated before -- it is PSI that points in a certain, not completely defined, direction ...

To make things even more difficult, according to PSI the insecure program is WebEx Player (detected by the one specific module I listed before), whereas the Control Panel's Add/Remove Programs shows that the actual application that was installed is WebEx Support Manager for Internet Explorer (another name for the same app? I wouldn't know, as at WebEx's site this very name is non-existent currently ...)

So, again, many thanks to PSI for pointing out that an update issue might be around, but just going on and installing the -- possibly -- wrong application, as suggested by PSI's own Download Solution is hardly the ... Solution.

Thanks again for your input,

Rougena
Was this reply relevant?
+1
-0
thedillpickl RE: WebEx Player not Secure
Contributor 31st Jan, 2010 19:01
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi rougena;

One last thought, after looking at WebEx http://www.webex.com/downloadplayer.html , it seems the two versions are for two different file types. Check the recordings folder and look at the filename's extension.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 31st Jan, 2010 19:50
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hello Fred,

Thanks for the thought (hope it's not really the last ...)

As I mentioned however, the WebEx applet (Player/ IE Support or whichever other name it may carry) was NOT installed by yours truly in order to play files recorded (or I would know what I am using), but rather by the Network Magic's Installer, as part of NM's Install process.

Accordingly, I have no idea what was the actual intent of the people at PureNetworks/CISCO when they included it in the Install, nor do I have any ARF/WRF files anywhere on my PC (which makes things even more weird).

Again, it looks to me as an application mis-identification by PSI (who thinks it's the WebEx Player when it actually is some other applet created by the WebEx/CISCO people and that happens to share the specific file upon which PSI based its identification).

Hope someone at Secunia and/or CISCO is reading these lines and pops in with some enlightening info.

Thanks again for your efforts,

Best,

Rougena
Was this reply relevant?
+0
-0
thedillpickl RE: WebEx Player not Secure
Contributor 31st Jan, 2010 21:06
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi rougena;

OK I'll take back the "one last thought" thing.

Sounds like we'll have to figure out the ARF or the WRF deal without help from file extensions. (No offense, but with ARF & WRF it sounds like WebEx might be a dog. Pun intended.)

WebEx is most probably downloaded with Network Magic for some good reason. Whether you use it or not, it is possible Network Magic requires it to function properly. I haven't found any useful info on Google. Are there any entries about WebEx in the Network Magic user manual or is it just a folded up piece of paper in ten languages telling you how to install?

Look at the insecure folder. In PSI, in the top right corner, is "Simple" blue in color & "Advanced" black? If not, click on "Advanced". Click on the "Insecure Programs" tab, click on the [+] to the left of the WebEx program. In the Tool Box, click on the "Technical details" icon. Please report the file path back here. Also click on the "Folder" icon in the Tool Box for WebEx. Is there a "readme" file or anything that might give us a clue?


fingers crossed;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
Anthony Wells RE: WebEx Player not Secure
Expert Contributor 31st Jan, 2010 21:53
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 31st Jan, 2010 21:54
Hey there ,

Is this thread dealing with/having difficulty with the same problem ??

http://secunia.com/community/forum/thread/show/340...

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 31st Jan, 2010 22:28
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hi Fred!

Nice to see there still are people that a. try to help & b. won't give up in face of -- what seems to be -- a lost cause (due to lack of information).

As things stand:

1. N.M. comes with NO User Manual/Guide ...

2. The Online Help is at < http://www1.purenetworks.com/webhelp/nm/nm_5_5/103... >
(sorry for the long link, but it's been produced by the program itself)

A fast search for WebEx brings up ... NOTHING!

3. The Folder (& subfolders) that contain the WebEx Install are made up mostly of EXE & DLL files, with the only textual files around used for Licenses & Manifests.
Also, none of the files' names is suggestive of any of two types of "barking" ;)

4. From NM Forums, I am aware that there were Users that simply uninstalled WebEx from their machines for NM v. 5.1.x, without any visible adverse effect on NM itself; I found no similar testimony for the current version (which I am running), 5.5.x (but I did find not-yet-answered inquiries to this effect).

5. Finally, with the risk of repeating myself, I am not really sure that whatever NM installs in the form of WebEx is actually one of the two Players: again, the name that appears in the Add/Remove Programs list is "WebEx Support Manager for Internet Explorer" (v. 6.5.4917);

I "Googled" the name of the app above, and found that it might be a tool to enable Tech. Support to take over the User's PC for debug/fix purposes (also, that similar apps. exist for Firefox, Opera a/o).
However, WebEx/CISCO's site has no mention of this app (FAQ, KB, general documentation).

Using WebEx technology, it's not too far fetched to assume that it may share the use of one or more modules with the Players, which would explain PSI's picking on atas32.dll (though misidentifying the app itself).

Guess I'm going to send an inquiry to PureNetworks/CISCO (the makers of both NM & WebEx) and see what's their say about this.

Still Fred, any further operative input will be most welcome (it's already more in the realm of human curiosity than PC safety!)

Thanks again,

Rougena
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 31st Jan, 2010 22:41
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hello Anthony,

Thanks for pointing out this thread.

While you spotted correctly the WebEx name, from browsing through the thread's messages it seems that the problem per se is completely different: while on the thread you mention there is no knowledge as to the origin of the WebEx program, nor does it seem to be actually there (more like a coincidence of file names), in this case (that we are researching here) the WebEx's location is well known and so is its origin; the trouble is that PSI probably misidentified WHICH WebEx this is (yes, there are several WebEx applications ...) and accordingly pointed to potentially upgrading the wrong program, not to mention that the producers (currently CISCO) seem to no longer list the specific application under this name anywhere at their Web site :(

In view of which it would probably be not a good idea to merge the threads.

Hope this clarifies the issue.

Thanks again for your input :)

Best,

Rougena
Was this reply relevant?
+0
-0
Anthony Wells RE: WebEx Player not Secure
Expert Contributor 31st Jan, 2010 22:45
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Is this the file PSI is picking up :-


http://www.processlist.com/info/atas32.html

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 31st Jan, 2010 23:08
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hello Anthony,

Well, almost: the link you provided points at the intended file indeed, only at a very old version of it.

As I said however, the file is only the means for PSI to check the version of the application, the file being part of several more complete applications, out of which PSI has seemingly picked the wrong one ...

Thanks again,

Rougena
Was this reply relevant?
+0
-0
Anthony Wells RE: WebEx Player not Secure
Expert Contributor 31st Jan, 2010 23:11
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 31st Jan, 2010 23:39
How about wrf wrf wrf !!

http://en.securitylab.ru/notification/388931.php

It's the only product affected they say !

EDIT : is there a Secunia Advisory (SA) for the problem ??

Is it 37810 ??

Edit : Secunia only detects the file in PSI and the download solution is not always brilliant as you have noticed ; the SA is usually helpful ; but you need to tie down your product , PSI only looks for vulnerabilities .


--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 1st Feb, 2010 00:13
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hi Anthony,

Your tenacity (strong word for perseverance) is really appreciated.

For as far as WebEx Players go, you downsized the problem to the WRF one only (great!).
Given however that THIS Player is NOT installed on my PC, AND that the file PSI pointed to is part of the "WebEx Support Manager for Internet Explorer" (which is a remote Tech. Support tool, not that I have yet any idea why it had to be installed by Network Magic at the time), I have to conclude that:

1. PSI misinterpreted the existence of this file (shared by both apps) as meaning that the WRF Player is the one installed, and -- according to CISCO's own paper -- needs to be updated, and

2. No actual update is needed by my PC (or any other PC with the same scenario), as CISCO's paper states that the ONLY product affected is its WRF Player (meaning that the Support Manager is NOT affected, and that the trouble with the Player is NOT in the atas32.dll file, as this one is shared with other programs which are NOT at risk).

Follows from the above that PSI should check for the WRF Player by using another target file, that would identify this Player alone ...

Question: how do we let Secunia know about this?

Thanks again,

Rougena
Was this reply relevant?
+0
-0
thedillpickl RE: WebEx Player not Secure
Contributor 1st Feb, 2010 00:31
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi rougena & Anthony;

It seems you have been busy while I had a bowl of chili & napped.

First let's not get up on PSI too much. Its purpose is to show programs that the vendor themselves report to have vulnerabilities. As rougena points out, PSI uses certain "target" files to find if a computer has this program. We have seen in the past that these files are not necessarily removed in the update process (e.g. Adobe Flash).

Would you check to see if the atas32.dll file has the same date/version info as the other WebEx files. If it is a 'left over', change the file extension from .dll to .old and see if all is well.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
This user no longer exists RE: WebEx Player not Secure
Member 1st Feb, 2010 10:06
Hi,
You can always tell which advisory the PSI is responding to, by expanding the program entry (using the "+" button),
The PSI never flags anything as insecure without matching installed software to a particular advisory. The advisories specify the minimum secure version. Our advisories are not issued by the vendors, but by our research team, who verify every exploit we issue advisories about.

The PSI scans all appropriate files on your HD and matches them to a set of rules. Whether or not you're secure depends on the version field of certain files.

Our solution links always aim to point to the vendor's own download page. This can sometimes lead to mildly (or very) confusing download pages.

Hope this helps.
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 1st Feb, 2010 20:40
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hello Fred,

Thanks for further pursuing this issue; hope you had a great nap :)

The atas32.dll module is by no means a "left-over", as:

1. It has the same sequence of creation dates as its neighbors,

2. There hasn't been a previous WebEx application on this machine,

3. The Ashampoo Uninstaller installation logger clearly shows that the module (along with its brethren) was added during the installation of Network Magic 5.5.x.

Sorry to disappoint ...

Best,

Rougena
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 1st Feb, 2010 21:04
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Dear Mr Petersen,

Thanks for adding Secunia's point of view to this thread.

Regretfully, I'll have to disagree with some of the points you made:

1. "Our advisories are not issued by the vendors, but by our research team":
in reading advisory 37810 (< http://secunia.com/advisories/37810/2/ >) which is pointed to by this WebEx issue, one can find that it is actually based entirely on CISCO's own advisory < http://www.cisco.com/warp/public/707/cisco-sa-2009... >, rather than on any research performed by Secunia.

2. "The PSI never flags anything as insecure without matching installed software to a particular advisory":
actually, neither Secunia's own 37810 advisory, nor CISCO's advisory (above) mention any specific set of rules according to which the flawed application is to be recognised.
However, CISCO clearly states that the flawed application is its own WebEx WRF Player.
As -- on the one hand -- THIS Player (or any other player) from WebEx is NOT installed on my machine, and -- on the other hand -- the only WebEx application installed (at the exact location pointed to by PSI) is the Support Manager for Internet Explorer, I can only conclude that the module (atas32.dll) that led PSI to the mistaken conclusion is used in BOTH applications (WRF Player & Support Manager for IE), and -- hence -- that the vulnerability is misidentified (unless this specific module is the carrier of the security breach).

From this point there seem to be only two venues:

1. atas32.dll is "clean", and then -- in order to differentiate between the two apps -- PSI should check for presence of the WRF Player by using another module, specific to that application only, or

2. atas32.dll is NOT "clean", and then -- given that it is shared by the two apps -- both CISCO's Advisory and that of Secunia should be updated to mention that not only the WRF Player is at risk, but also the Support Manager for IE (and, of course, CISCO should issue an update for the latter too).

Your further opinion will be much appreciated.

Thanks again for your attention to this matter,

Sincerely,

Rougena N.-T.
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 1st Feb, 2010 21:33
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Dear Mr Petersen,

Just a short addition to my previous reply:

1. To further sustain that we are NOT dealing with the WebEx WRF Player, may I point out that in its advisory CISCO states that the problem files "are located in the folder C:\Program Files\WebEx\Record Playback"; PSI found the said files in the folder C:\Program Files\WebEx\830 & C:\Program Files\WebEx\832;
Different subfolders = Different application ...

2. Under the "Vulnerable Products" chapter of its advisory, CISCO states which three files were modified in order to get the WRF Player fixed, with atas32.dll listed among them.
However, as I mentioned before, no clues were given as to how to identify whether the WRF Player is installed on a given machine, nor is there any statement made that any other application that might share these files might be in danger too (actually, the opposite is true: under "products confirmed not vulnerable", CISCO states that "No other Cisco products are currently known to be affected by these vulnerabilities").
So, unless Secunia's research says otherwise (though not disclosed in its own advisory), the WebEx Player alert, in this context, is most probably a false positive (that needs Secunia's attention & fix).

Hope you'll find the above useful.

Cordially,

Rougena N.-T.
Was this reply relevant?
+0
-0
This user no longer exists RE: WebEx Player not Secure
Member 2nd Feb, 2010 09:59
Hi,
It is correct that we use vendor advisories for reference. But we issue our own advisories, based on our own research. Our team verifies every reported vulnerability before reporting it. You can also see the credits of who helped discover an exploit at our advisories.

The specific set of instructions in this case can be viewed from here:
http://secunia.com/advisories/37810/2/
In this case the problem would be solved by following the instructions from Cisco's own advisory.

There is a chance we could have an overly-broad detection rule. If you are positive you have the support manager, and nothing else, please create a Software Suggestion from the "Patched" tab in the PSI. Provide as much info as you can, and please append "att. Emil". In that case I will immediately look into correcting our rules. Please suggest a file other than the currently detected atas32.dll

Hope this helps.
Was this reply relevant?
+0
-0
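The false positive debated in this thread, as an added illustration (not part of any post and not Secunia's actual rule format): a rule keyed only on a shared module's name and version flags every product that ships that module, while a rule that also requires the install folder named in the vendor advisory does not. Only `atas32.dll`, `SafeReboot.exe` and the folder paths come from the thread; the rule structure, file versions and minimum secure version are constructed placeholders.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class FileRecord:
    path: str      # full path of a file found by the scanner
    version: str   # contents of the file's version field ("" if absent)


@dataclass(frozen=True)
class Rule:
    product: str
    file_name: str
    min_secure_version: str
    required_parent: Optional[str] = None  # folder the file must sit in


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '1.0.0.2' into (1, 0, 0, 2); None for empty or malformed fields."""
    parts = text.strip().split(".")
    if not text.strip() or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_older(found: Tuple[int, ...], minimum: Tuple[int, ...]) -> bool:
    """Compare versions of unequal length by padding with zeros."""
    width = max(len(found), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(minimum)


def evaluate(rule: Rule, inventory: List[FileRecord]) -> List[Tuple[str, str]]:
    """Return (path, verdict) for every file the rule matches."""
    results = []
    minimum = parse_version(rule.min_secure_version)
    for rec in inventory:
        p = PureWindowsPath(rec.path)
        if p.name.lower() != rule.file_name.lower():
            continue
        # PureWindowsPath equality is case-insensitive, like the file system.
        if rule.required_parent and p.parent != PureWindowsPath(rule.required_parent):
            continue
        found = parse_version(rec.version)
        if found is None:
            verdict = "unknown-version"   # no usable version field
        elif is_older(found, minimum):
            verdict = "insecure"
        else:
            verdict = "secure"
        results.append((rec.path, verdict))
    return results


def flagged_paths(rule: Rule, inventory: List[FileRecord]) -> List[str]:
    return [path for path, verdict in evaluate(rule, inventory) if verdict == "insecure"]


MIN_SECURE = "2.0.0.0"  # placeholder, NOT the real fixed version

# Rule keyed on the shared module alone (the overly broad case).
BROAD = Rule("WebEx WRF Player", "atas32.dll", MIN_SECURE)
# Same rule, restricted to the folder the vendor advisory names for the player.
SCOPED = Rule("WebEx WRF Player", "atas32.dll", MIN_SECURE,
              required_parent=r"C:\Program Files\WebEx\Record Playback")

# Constructed inventory: a host with only the support tool's folders.
SUPPORT_MANAGER_HOST = [
    FileRecord(r"C:\Program Files\WebEx\830\atas32.dll", "1.0.0.1"),
    FileRecord(r"C:\Program Files\WebEx\832\atas32.dll", "1.0.0.2"),
    FileRecord(r"C:\Program Files\WebEx\830\SafeReboot.exe", ""),
]
# Constructed inventory: a host with the player in its advisory folder.
PLAYER_HOST = [
    FileRecord(r"C:\Program Files\WebEx\Record Playback\atas32.dll", "1.0.0.1"),
]

if __name__ == "__main__":
    for name, rule in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, "support-manager host:", flagged_paths(rule, SUPPORT_MANAGER_HOST))
        print(name, "player host:", flagged_paths(rule, PLAYER_HOST))
```

Scoping by folder trades false positives for possible misses: a player installed outside that folder would not match, which is why the thread asks for a file specific to the player instead.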
rougena RE: WebEx Player not Secure
Member 2nd Feb, 2010 22:48
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Dear Emil,

Thanks for the prompt reply.

As I mentioned before, the only WebEx apps on my machine are those installed implicitly by the Setup of NetworkMagic Pro v 5.5, and which -- according to the Add/Remove Programs applet -- are called "WebEx Support Manager for Internet Explorer", v. 6.5.4917.

That's the easy part.

Now here's where it becomes more "messy":

1. In attempting to fix vulnerabilities in its WRF Player, CISCO made changes to three specific modules (see the relevant part of CISCO's advisory for this);

2. Some of these modules are SHARED with the said Support Manager for IE.

3. Despite CISCO's stating in its advisory that ONLY the WRF Player was affected by the known vulnerabilities, in view of the preceding two paragraphs may we safely assume that the Support Manager for IE is indeed not affected as well? Could Cisco have overlooked this app? Or do the vulnerabilities get a break to be activated only in the context of the activities available through the WRF Player, irrespective of the same modules appearing in other applications too?

Before completely embracing the idea that PCs that have the Support Manager for IE (or any other application that shares the relevant 3 modules) but not the WRF Player are safe, I would suggest to have such CISCO/WebEx applications checked (possibly in collaboration with CISCO) and proven actually safe ... (after all, that's what Secunia does: checks applications for vulnerabilities!)
It seems to me that the best way to get the Support Manager for IE would be to install NetworkManager Pro 5.5.x (the way I got it), for I failed to find any direct Download for the former at CISCO's site.

4. In as far as your request for opening a Software Suggestion is concerned, I am technically unable to tell which modules from WebEx that I have on my machine are specific to the Support Manager for IE and not shared with the WRF Player (remember: I don't have the Player, so I have no term of comparison ...); also, any module I might mention may possibly be shared by some other app[s] from CISCO/WebEx, and -- again -- be not specific enough.
Meaning that much as I should like to help, in this case I believe CISCO (the producer of all of the WebEx applets, as well as the NetworkMagic Pro one) would prove to be a more educated (not to mention the most interested) partner for this type of information.

Still, should you have any more specific question that would be in my capacity to answer, by all means - please just ask, and I'll be happy to oblige.

Thanks again for your involvement in the attempted resolution of this issue,

Kind regards,

Rougena
Was this reply relevant?
+0
-0
This user no longer exists RE: WebEx Player not Secure
Member 3rd Feb, 2010 09:03
Hi,
You are not required to know exactly which modules differ from the other product. If you make a software suggestion I can set the rules in a manner that it will only detect the proper product. We usually always receive software suggestions from our users and not the vendors. The information we need can be extracted by the PSI. All you have to do is point to the proper file.

Hope this helps.
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 3rd Feb, 2010 11:49
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hello Emil,

Here's what I did:

1. Having spotted that the NetworkMagic Pro application is missing from the Patched list too, I created a Software Suggestion for it.

2. Given that by installing NMP one gets the WebEx Support Manager for IE anyway, you'll be able to research this applet too (personally, I failed to spot, among the 50+ modules of the Support Manager, one that would "define" this applet - they look more like a dispersed bag of function providers than a combined app, with -- hopefully -- some kind of a Main module, so I feared to point to any of them to prevent possible confusion with other WebEx apps that might share the functionality of the selected module).

3. Notwithstanding, just as I stated before, it is my opinion that the Support Manager SHOULD be checked for possible vulnerabilities similar to those of the WRF Player, because it shares affected modules with the latter.

Hope you'll find this info helpful.

Best,

Rougena
Was this reply relevant?
+0
-0
This user no longer exists RE: WebEx Player not Secure
Member 3rd Feb, 2010 12:16
Hi,

NetworkMagic Pro should now be detected.
Since NMP is a commercial applet, we depend on your suggestions to add software to our database.

Picking any module from the support manager will do fine, and a software suggestion is necessary if the software is to be detected. It does not have to be a main or "defining" file - any file that has version information will do. If you could please suggest one of the files that belong to the support manager, we will add it to our system.

Hope this helps.
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 3rd Feb, 2010 12:51
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hi Emil!

Thanks for the prompt action.

Of course, I could point you to any of the 50+ files of the Support Manager. There are however TWO issues with this:

1. As I mentioned before, not knowing whether that file is specific to this application, the detection might prove to be wrong for other machines (detect the correct file but the wrong application);

2. There is the Version issue: while (according to the Add/Remove Programs applet, as well as the Installation Log of the application) the Support Manager is at version 6.5.4917, NONE of the files that make up this application has actually this specific version! (and yes, I checked them all ...)
Meaning that by pointing you to ANY of the files that make up this application, I'll effectively provide you with the WRONG version information! (I believe that the correct info is kept in the Registry, but -- under Software Suggestion -- I have no means of pointing you to a Registry key ...)

Please advise.

Best,

Rougena
Was this reply relevant?
+0
-0
This user no longer exists RE: WebEx Player not Secure
Member 3rd Feb, 2010 13:48
Hi,
It doesn't really matter. We have ways to adjust our rules so it will only detect the proper application. If there are any unbeatable obstacles, we'll deal with that once we get there, but for now, we just need a software suggestion.

It is unfortunate that the files do not have accurate version info, but that doesn't mean we can't detect the program. We would have to correct our rules if there was ever issued an advisory relating to this product, but in the mean time, we are used to dealing with files containing improper versions.
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 3rd Feb, 2010 14:15
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
OK, Emil,

A Software Suggestion was made, using one of the modules the application carries (SafeReboot.exe - after all, being an Advanced Debug application to help CISCO Tech. Support in solving intricate issues, I guess that it is safe enough to say that this module would be specific enough for the app at hand).
Regretfully, I couldn't provide you with a download link, as there seems not to be any (remember? I got it as a "side-dish" to Networkmagic Pro ...)

Still, with the risk of repeating myself umpteen times, I strongly urge you to install the app on a test machine and verify that it is not affected by the same vulnerabilities that affect WebEx WRF Player (to prevent a potential false sense of safety by having the application in its current version in the Patched list, when it should in fact reside in the Insecure list).

Best,

Rougena
Was this reply relevant?
+0
-0
This user no longer exists RE: WebEx Player not Secure
Member 3rd Feb, 2010 14:41
Hi,
I've evaluated your software suggestion, and that combined with the information gathered from WebEx (Cisco), does not give us any reason to consider the Support Manager a separate product. It seems to only come bundled with NetworkMagic, and should therefore be considered part of that software. Sorry about the mixup.


http://secunia.com/advisories/37810/2/
Our advisories are often based on vendor advisories, as it is with this case. In this case, Cisco only say the WRF player is vulnerable, and specifically state that "No other Cisco products are currently known to be affected by these vulnerabilities."

As our research for this advisory was merely confirming the vendor's own advisory (which is part of our services, we always confirm exploits before we create our own advisories) we consider it done. If you have a vulnerability you'd like to report, you can email vuln@secunia.com
Was this reply relevant?
+0
-0
rougena RE: WebEx Player not Secure
Member 3rd Feb, 2010 21:59
Score: 2
Posts: 20
User Since: 13th Jan 2009
System Score: N/A
Location: N/A
Hello Emil,

Thanks for the clarification.

Regretfully however, this "mix-up" is anything BUT done:

1. For one thing, despite your clearly mentioning that the vulnerability is only part of the WRF Player, PSI keeps popping it up on my machine (which HAS NOT the WRF Player) because PSI detects it based on the atas32.dll module, which happens to be part not only of the WRF Player but also of the Support Manager for IE!
Clearly, if the vulnerability is not there to begin with, it shouldn't keep popping-up on a clean PC ...
Your attention to the relevant PSI rules for fixing the above will be much appreciated.

2. Notwithstanding the above, may I point out that WebEx's Support Manager for IE became "part of" Network Magic only after CISCO acquired PureNetworks (the original makers of NMP).
I wouldn't be surprised to find out that it is part of CISCO's policy to add unified support features to their products, and thus that the Support Manager for IE might be found in the current installations of other CISCO products, besides NMP.
Surely, this is one issue worth pursuing (with CISCO, of course).

3. Also, in a reply I received from CISCO/PureNetworks's Support only a few hours ago, it is written "WebEx applet is utilized by Cisco the support team for advanced troubleshooting. Removing WebEx will not affect Network Magic".
Follows from the above that this applet is NOT part of NMP (or NMP wouldn't work without it ...)

Thanks again for your continued support.

Kind regards,

Rougena
Was this reply relevant?
+0
-0
thedillpickl RE: WebEx Player not Secure
Contributor 3rd Feb, 2010 23:55
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi rougena;

I've been busy in the real world :) the last two days. Looks like you're making some headway.

Concerned people, such as yourself, are what make this forum work. Thank you.

Also, thanks to Secunia for all they do.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
rmsiegel RE: WebEx Player not Secure
Member 4th Feb, 2010 20:11
Score: 0
Posts: 1
User Since: 4th Feb 2010
System Score: N/A
Location: N/A
All,

Been reading this thread and saw there was no definitive conclusion. But I have some new info.

I was able to successfully delete the WebEx files and subdirectory PSI was complaining about through Windows Add/Remove Programs by removing an application named "Meeting Service". There was no other information about this and I'm not sure what/where installed Meeting Service.

What made the connection for me is that one of the EXE files (sorry, did not write down the file name, but there were only 3-4 EXEs) had an icon the same as the Meeting Service listing in Add/Remove Programs. It is a circle with blue curved stripes across it that looks like the ATT logo.

After I removed this application PSI acknowledged the insecure program was gone.

Just Googling now found a link https://www.teleconference.att.com/resv/wmdownload... that downloads the Webex products so I probably got it from some ATT web conferencing I did at one point.

Hope this helps,
Bob
lmacri RE: WebEx Player not Secure
Member 8th Feb, 2010 02:15
Score: 42
Posts: 87
User Since: 9th Sep 2009
System Score: N/A
Location: CA
Hi rougena:

I'm having a similar problem. A few weeks ago Secunia PSI started reporting that atas32.dll is insecure at the following two locations:
- C:\Users\All Users\WebEx\WebEx\826\atas32.dll
- C:\ProgramData\WebEx\WebEx\826\atas32.dll

Based on the creation dates of these files, I suspect that the WebEx Player was installed on my machine when I participated in an on-line WebEx conference call back in May 2009. Like some other users, I can't figure out how to update the WebEx Player (the instructions on the WebEx website at http://www.webex.com/downloadplayer.html are useless) or remove it (it's not listed in the uninstall list under Control Panel | Programs and Features, nor can I see it in my list of Internet Explorer 8 add-ons or under IE8's Tools | Internet Options | Browsing History | Settings | View Objects).

Thanks to everyone contributing to this thread. I'll keep checking back and hope that someone else figures out how to fix this problem with atas32.dll.

MS Windows Vista Home Premium 32-bit
Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS
Secunia PSI v. 1.5.0.1

--
Vista Home Premium SP2 32-bit * NIS 2013 v. 20.5.0.28 * IE 9 * FF v. 31.0 * PSI v. 2.0.0.3003
ComplyAnt RE: WebEx Player not Secure
Member 22nd Feb, 2010 09:22
Score: 0
Posts: 2
User Since: 10th Feb 2010
System Score: N/A
Location: UK
I had the same problem but with Kaspersky reporting it. WebEx was not showing in Control Panel. However Kaspersky was more helpful in providing a file path.

Under C:\Users\All Users\WebEx I found a set of files including:
- atcliun.exe
- atgpcdec.dll
- atgpcext.dll
- atmgr.exe

You may want to try searching for the above file names or similar ones.

atcliun.exe is the uninstall program for the web client of webex. Running it removed the application and gave a clean scan.

I am guessing this was installed when I watched an online conference recording, as I don't use any network products and don't have a Linksys router.

I used the Feedback link on the CISCO advisory page (http://www.cisco.com/warp/public/707/cisco-sa-2009...) to tell them what I thought about the lack of proper housekeeping in their tool ... but with a supplier that works as a virtual company, with all actual work outsourced, I'm guessing that this won't be addressed properly any time soon. (Somewhere I found statistics that showed that the number of vulnerabilities in outsourced development was significantly higher than code developed in-house. Unfortunately I failed to bookmark it and haven't found the research since.)

--
Better safe than sorry
ddemase RE: WebEx Player not Secure
Member 7th Mar, 2010 18:06
Score: 0
Posts: 1
User Since: 25th May 2008
System Score: N/A
Location: N/A
I use WebEx all the time for collaboration. If I delete the app with Control Panel Add/Remove Programs PSI is good to go. As soon as I join a new WebEx session anywhere it goes back to being flagged. What can I do to get past this?

This thread has been marked as locked.


© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144