Is there known malware, which exploits this vulnerability? This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
#Cisco arf player full
#Cisco arf player Patch
Vulnerable software versionsĬisco Webex Meetings sites: before 39.5.18, 40.2Ĭisco Webex Meetings Online: before 1.3.48Ĭisco WebEx Meetings Server: before 4.0MR2 patch 3Ĭisco WebEx Network Recording Player: All versions To ensure the best possible compatibility, hosts should only use the player available from their own Webex site. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the. Cisco Webex Player is used to play back WRF files. A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The player can be installed manually from a user’s Cisco Webex website download page in Classic view or from the Cisco Webex Video Recording page. It is available from Cisco Webex Meetings sites and Cisco Webex Meetings Server. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. Cisco Webex Network Recording Player is used to play back ARF files. A remote attacker could exploit this issue by tricking a user into opening a malicious ARF file, resulting in arbitrary code execution. Description The version of Cisco WebEx ARF Player installed on the remote host has a buffer overflow vulnerability. (Example: Select a service type from the left side section. The video player installed on the remote Windows host has a buffer overflow vulnerability. Follow the steps below to download the standalone WRF player: Log in to your Webex Web site. To download the WRF player from the Webex site you will need to have a host account on the site. A remote attacker can create a specially crafted ARF or WRF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system. There are standalone players for both Windows and Mac for WRF. The vulnerability exists in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVSSv3.1: 7.7 ĬWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer