Buffer Overflow Vulnerabilities in Cisco WebEx Network Recording Player
CVE-2017-6669

7.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Webex Network Recording Player
Vendor
CVE Published:
26 June 2017

Summary

Multiple buffer overflow vulnerabilities are present in the Cisco WebEx Network Recording Player, affecting users who open malicious Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by enticing a user to launch a compromised ARF file, potentially leading to a crash of the recording player or allowing the execution of arbitrary code on the affected system. The player is typically installed automatically when a recording file hosted on a WebEx server is accessed. It is critical for users of the Cisco WebEx Business Suite to ensure they are using the latest client builds to mitigate these risks.

Affected Version(s)

Cisco WebEx Network Recording Player Cisco WebEx Network Recording Player

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038737
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99196
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.