Cisco WebEx Player WRF Processing Multiple Vulnerabilities

IRCAD2012062033
 
ID: IRCAD2012062033
Release Date: 2012-06-28
Criticality level: Highly critical
 
Software:
WebEx Recording Format Player
 
Description:
Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error when processing WRF files can be exploited to cause a heap-based buffer overflow.

2) An error when processing the JPEG DHT chunk within a WRF file can be exploited to cause a stack-based buffer overflow.

3) An unspecified error when processing WRF files can be exploited to corrupt memory.

4) An error when processing the Audio size within a WRF file can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
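
The advisory does not say what the DHT processing error in item 2 is. As an added example (not from the advisory or the vendor), the C routine below shows the length checks a parser needs on a JPEG DHT (Define Huffman Table) segment before it copies table data into fixed-size storage. The function name, status codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DHT_MAX_SYMBOLS 256 /* one Huffman table can code at most 256 byte values */
/* Status names are made up for this example. */
enum dht_status { DHT_OK, DHT_TRUNCATED, DHT_BAD_LENGTH, DHT_BAD_ID, DHT_TOO_MANY };

/* Validate one DHT segment before any table is copied out of it.
 * seg points at the 2-byte big-endian length that follows the FF C4 marker,
 * avail is the number of input bytes left; *tables receives the table count. */
enum dht_status dht_validate(const uint8_t *seg, size_t avail, unsigned *tables)
{
    if (avail < 2) return DHT_TRUNCATED;
    size_t len = ((size_t)seg[0] << 8) | seg[1]; /* length counts its own 2 bytes */
    if (len < 2 + 17) return DHT_BAD_LENGTH;     /* room for at least one table header */
    if (len > avail) return DHT_TRUNCATED;       /* declared size exceeds the data */
    size_t pos = 2;
    unsigned n = 0;
    while (pos < len) {
        if (len - pos < 17) return DHT_BAD_LENGTH; /* class/id byte + 16 count bytes */
        uint8_t tc = seg[pos] >> 4, th = seg[pos] & 0x0F;
        if (tc > 1 || th > 3) return DHT_BAD_ID;   /* class DC/AC, table slots 0..3 */
        size_t total = 0;
        for (int i = 1; i <= 16; i++) total += seg[pos + i];
        /* 16 counts of up to 255 can sum to 4080: reject before sizing any buffer */
        if (total > DHT_MAX_SYMBOLS) return DHT_TOO_MANY;
        pos += 17;
        if (len - pos < total) return DHT_BAD_LENGTH; /* symbols must stay in segment */
        pos += total;
        n++;
    }
    *tables = n;
    return DHT_OK;
}

/* Constructed samples (not taken from any real WRF file). */
static const uint8_t dht_good[] = { 0x00,0x15, 0x00, 0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0x01,0x02 };
static const uint8_t dht_oversum[] = { 0x00,0x15, 0x00,
    255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, 0x01,0x02 };
static const uint8_t dht_short[] = { 0x00,0x15, 0x10, 0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0x01,0x02 };

int main(void)
{
    unsigned n = 0;
    printf("good=%d oversum=%d ", dht_validate(dht_good, sizeof dht_good, &n),
           dht_validate(dht_oversum, sizeof dht_oversum, &n));
    printf("short=%d\n", dht_validate(dht_short, sizeof dht_short, &n));
    return 0;
}
```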

The vulnerabilities are reported in the following versions:
* Client builds 28.0.0 (T28 L10N).
* Client builds 27.32.1 (T27 LD SP32 CP1) and prior.
* Client builds 27.25.10 (T27 LC SP25 EP10) and prior.
* Client builds 27.21.10 (T27 LB SP21 EP10) and prior.
* Client builds 27.11.26 (T27 L SP11 EP26) and prior.
 
Solution:
Update to a fixed client build (please see the vendor's advisory for details).
 
References:
 
Secunia:
 

 
Creation date: 10 Tir 1391
