Forum Thread: Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability

Secunia Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability
Secunia Official 15th Dec, 2010 01:25
Location: Copenhagen, DK
A vulnerability has been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability exists due to a boundary error when parsing strings in ARF files and can be exploited to cause a heap-based buffer overflow via a specially crafted ARF file.

Successful exploitation may allow execution of arbitrary code.

kronhead

RE: Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability
This reply has been minimised due to a negative Relevancy Score.
mogs RE: Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability
Expert Contributor 15th Dec, 2010 07:34
Location: UK
Hello.
Here's an extract from the Secunia Advisory:
http://secunia.com/advisories/41039
Description
A vulnerability has been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability exists due to a boundary error when parsing strings in ARF files and can be exploited to cause a heap-based buffer overflow via a specially crafted ARF file.

Successful exploitation may allow execution of arbitrary code.

Solution
Reportedly fixed in version T27FR14. Contact the vendor for further information.


Provided and/or discovered by
Gabriel Menezes Nunes, reported via ZDI.

Original Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10...

In future, could you please refrain from using this section of the forum, as it is reserved for specific discussion relative to the Advisory. Please use the other sections to create a new thread. When/if you do, please include details of the PSI version you are using: Operating System and the path to the vulnerability PSI has detected; together with any other info you think might be relevant. Thank you... hope this helps... regards,


