Cisco WebEx WRF文件格式缓冲区溢出漏洞

Bugtraq ID: 52882
CVE ID：CVE-2012-1335

Cisco WebEx是Cisco公司提供的网络会议解决方案，Cisco WebEx Player用于播放与会者在电脑上所记录的WebEx会议记录

Cisco WebEx Player存在多个缓冲区溢出问题，允许攻击者以应用程序上下文执行任意代码

攻击者可以构建恶意WRF文件，诱使用户解析来触发此漏洞
0
Cisco WebEx (Windows) T27 LD SP32
Cisco WebEx (Windows) T27 LC SP25 EP9
Cisco WebEx (Windows) T27 LB SP21 EP10
Cisco WebEx (Windows) T27 L SP11 EP26
Cisco WebEx (Mac OS X) T27 LD SP32
Cisco WebEx (Mac OS X) T27 LC SP25 EP9
Cisco WebEx (Mac OS X) T27 LB SP21 EP10
Cisco WebEx (Mac OS X) T27 L SP11 EP26
Cisco WebEx (Linux) T27 LD SP32
Cisco WebEx (Linux) T27 LC SP25 EP9
Cisco WebEx (Linux) T27 LB SP21 EP10
Cisco WebEx (Linux) T27 L SP11 EP26
厂商解决方案
用户可参考如下供应商提供的安全公告获得补丁信息：
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex#software