#VU7157 Buffer overflow in Cisco WebEx Network Recording Player - CVE-2017-6669
Published: June 22, 2017
Vulnerability identifier: #VU7157
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-6669
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco WebEx Network Recording Player
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause a DoS condition or possibly execute arbitrary code on the target system.
The weakness exists due to multiple buffer overflows in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. A remote attacker can provide a malicious ARF file via email or URL, trick the victim into launching it, trigger memory corruption and cause the affected player to crash or even execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update WBS29 to version T29.13.130 or later.
Update WBS30 to version T30.17 or later.
Update WBS31 to version T31.10 or later.