WebEx WRF Player buffer overflow

2011-02-10T00:00:00
ID SAINT:CF34973EBC5CAD713983F24AEFE7503C
Type saint
Reporter SAINT Corporation
Modified 2011-02-10T00:00:00

Description

Added: 02/10/2011
CVE: CVE-2010-3269
BID: 46075

Background

The WebEx Recording Format (WRF) is used to save recordings of WebEx meetings to a file. The WebEx WRF Player allows users to play a WRF file.

Problem

A buffer overflow vulnerability in the WebEx WRF Player allows command execution when a user opens a specially crafted WRF file.

Resolution

Upgrade to the latest version of WebEx WRF Player.

References

<http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml>
<http://www.securityfocus.com/archive/1/516095>

Limitations

Exploit works on WebEx Player 3.0 and requires a user to open the exploit file in WebEx Player.

Platforms

Windows