Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability

Secunia Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability
Secunia Official 15th Dec, 2010 01:25
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability exists due to a boundary error when parsing strings in ARF files and can be exploited to cause a heap-based buffer overflow via a specially crafted ARF file.

Successful exploitation may allow execution of arbitrary code.

kronhead

RE: Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.
mogs RE: Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability
Expert Contributor 15th Dec, 2010 07:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
Here's an extract from the Secunia Advisory :-
http://secunia.com/advisories/41039
Description
A vulnerability has been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability exists due to a boundary error when parsing strings in ARF files and can be exploited to cause a heap-based buffer overflow via a specially crafted ARF file.

Successful exploitation may allow execution of arbitrary code.

Solution
Reportedly fixed in version T27FR14. Contact the vendor for further information.


Provided and/or discovered by
Gabriel Menezes Nunes, reported via ZDI.

Original Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10...

Deep Links
Links available in Customer Area

In future, could you please refrain from using this section of the forum as it is reserved for specific discussion relative to the Advisory. Please use the other sections to create a new thread. When/if you do, please include details of psi version you are using : Operating System and the path to the vulnerability psi has detected ; together with any other info you think might be relevant. Thankyou.....hope this helps....regards,



--
Was this reply relevant?
+1
-0


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer