Cisco WebEx Network Recording Player ARF File RCE (cisco-sa-20170621-wnrp)
Medium Nessus Plugin ID 101298
SynopsisThe video player installed on the remote Windows host is affected by a remote code execution vulnerability.
DescriptionThe version of Cisco WebEx Network Recording Player installed on the remote host is affected by a remote code execution vulnerability due to multiple buffer overflow conditions in the Advanced Recording Format (ARF) file player. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted ARF file using email or a URL, to cause a denial of service condition or the execution of arbitrary code.
SolutionUpgrade to the relevant fixed version of WebEx Network Recording Player referenced in Cisco advisory cisco-sa-20170621-wnrp.