CVE-2017-6669 Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

漏洞类别:Local

漏洞等级:

漏洞信息

The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee.

Affected Versions:
Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130 Cisco WebEx Business Suite (WBS30) client builds prior to T30.17 Cisco WebEx Business Suite (WBS31) client builds prior to T31.10 QID: Detection Logic (Authenticated):
The QID checks for vulnerable version of Cisco WebEx Network Recording Player. The patched version for Cisco WebEx Network Recording Player are : T29.13.130 T30.17 T31.10

漏洞危害

An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user.

解决方案

The vendor has issued a fix. Please refer to Cisco WebEX Security Advisory for more information about patching this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

cisco-sa-20170621-wnrp

Leave a Reply