Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Current WebEx Player Vendor Download Link Reports as Vulnerable

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Cisco
And, this specific program:
WebEx Recording Format Player

This thread has been marked as locked.
mecs24ws Current WebEx Player Vendor Download Link Reports as Vulnerable
Member 15th Dec, 2010 14:00
Ranking: 0
Posts: 1
User Since: 15th Nov, 2010
System Score: N/A
Location: N/A
I installed the WebEx Player from a partner's WebEx presentation on 13 Dec 2010, and PSI immediately reported it as vulnerable.

I downloaded and installed the full installer for the ARF player at the PSI vendor download link (http://www.webex.com/downloadplayer.html) at that time, and after install,
-PSI still reports the app as vulnerable
-The File Properties | Details for each of the three instances of atas32.dll on the system still report the vulnerable version of 2.6.21.4
C:\Program Files (x86)\WebEx\Record Playback\atas32.dll
C:\ProgramData\WebEx\WebEx\1024\atas32.dll
C:\ProgramData\WebEx\WebEx\500\Atas32.dll
-The current download of the arf player from the PSI vendor download link is unchanged from the download of 13 Dec (MD5:9627144a853191110871b95235059a3b; SHA-1:2c922f81e8d9e5d2620006b9e31545b68085baf0)

Is the vendor download indeed unpatched, or is this a version identification problem for PSI?

OS: Windows 7, patched current
PSI: 1.5.0.2




mogs RE: Current WebEx Player Vendor Download Link Reports as Vulnerable
Expert Contributor 15th Dec, 2010 14:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
What version of psi are you using ?
Are you sure there is no entry/instance of Web Ex in the Patched tab ?
Whenever you update a program it is often the case that the older version/file isn't automatically removed, and it is this/those that Secunia continues to detect; even if residing in the Recycle bin...
Here's an extract from the Advisory at :-http://secunia.com/advisories/product/3004/

WebEx Player
This vulnerability report for WebEx Player contains a complete overview of all Secunia advisories affecting it. You can use this vulnerability report to ensure that you are aware of all vulnerabilities, both patched and unpatched, affecting this product allowing you to take the necessary precautions.

If you have information about a new or an existing vulnerability in WebEx Player then you are more than welcome to contact us.

Vendor, Links, and Unpatched Vulnerabilities

Vendor WebEx

Product Link View Here (Link to external site)

Affected By 2 Secunia advisories
7 Vulnerabilities

Monitor Product Receive alerts for this product

Unpatched 0% (0 of 2 Secunia advisories)

Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..


It doesn't appear to be a detection/identification on Secunia's part.
Hope this helps....regards,



--
Was this reply relevant?
+1
-0
Anthony Wells RE: Current WebEx Player Vendor Download Link Reports as Vulnerable
Expert Contributor 15th Dec, 2010 21:23
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


Hi @mecs24ws ,

This programme has some history concerning detection by the PSi ; if you click the blue WebEx Player link on the right above your first post you will see this list of threads :-

http://secunia.com/community/forum/?forum=2&vendor...

and this one in particular digs deep :-

http://secunia.com/community/forum/thread/show/341...

You may find what you need therein ; let us know how you go .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
This user no longer exists RE: Current WebEx Player Vendor Download Link Reports as Vulnerable
Member 17th Dec, 2010 08:51
Hi,

If you run a full rescan, is this issue still reproduceable?
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability