—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

Advisory ID: cisco-sa-20170621-wnrp

Revision: 1.0

For Public Release: 2017 June 21 16:00 GMT

Last Updated: 2017 June 21 16:00 GMT

CVE ID(s): CVE-2017-6669

CVSS Score v(3): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

+———————————————————————

Summary
=======
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user.

The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZSprGZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHl3jQ/+KuPJz5wXVshtjdp/
bVUWAVBJtUpBdHYrSH4tRlx57ExQ0ej2tA2yW6zUu9OXLdNCH/gCTSJcDC9yM1Ra
x51Wsrf9cP63SkPnbnPD/lxaIlNh7wjkTvDUnO/W3qmeQpz71/jaywh+Z3ImaPP3
dYzMV8PP5MWMSPTx3gogwmCIPkVX9RDdXh/50plK7DuWIAMbKqwqUTSxhBIZk4y9
BEvx7Zp22R4NiMPfFYC+t18OYSOjvCXCSuWl2TNdFSqnI//rG769Ly7nt2kivTcc
0bXAXM2bk+adedkMua9O+7WEF25ujWB3jyzyF6m9FbqIvui81SsG7BZJhuzaUA0e
r7RZBfhyEXXPgAML83LUXmL9kpSapIUBcwmM8RbYHEEPEx6NV1roaCbvzPDEctvS
xr3qTRYtSoLYzaKgzdnDjCyzUlceFBOnsJRVyLoapTxEpy68ZYl2RitA6oWDLEwW
4SZ8QP4VbZDZ+8m10IfxskHlM/c/fR/ohL5Uc+Hw8IUyDqAi/SVUHll14MYdqIIe
q1lDvznTagl9U1iSYH0+1TxbXQHW8a7B7Pq0bqPRe0FqSQyzM7Zl5jF/QN+CBrWo
qkIA7ChdWC5W/IQsV+QN6M+9Dc59XvRpZ91ZnXEU2jVg0630QNBrN73U3Nd+bann
5CXZ/guEWgR2BVSql06UQDr4Rq8=
=7soC
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com