Switching and networking vendor Cisco is warning about serious security vulnerabilities in the Cisco WebEx Players used by businesses for recording and playback of meeting recordings.
In all, the company warned about five separate buffer overflow security flaws that exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players.
A hacker who successfully exploited these vulnerabilities could, in some instances, launch harmful code directly against a targeted user. A successful compromise could also cause the WebEx player to crash, Cisco warned in an advisory that carries a CVSS Base Score of 7.8.
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.
The company has shipped patches for users of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities.
According to Cisco, updates are available for the following:
- Cisco WebEx Business Suite (WBS29) client builds T29.2 or later
- Cisco WebEx Business Suite (WBS28) client builds T28.12 or later
- Cisco WebEx Business Suite (WBS27) client builds T27TLSP32EP16 (27.32.16) or later
- Cisco WebEx 11 versions prior to 1.2.10 with client builds T28.12 or later
- Cisco WebEx Meetings Server client builds 2.0.0.1677 or later
- Cisco WebEx Meetings Server client builds Orion 2.0 or later