[c-nsp] Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Aug 31 12:09:24 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
Advisory ID: cisco-sa-20160831-meetings-player
Revision 1.0
For Public Release 2016 August 31 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in Cisco WebEx Player could allow an unauthenticated, remote attacker to execute arbitrary code.
The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user.
Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player
-----BEGIN PGP SIGNATURE-----
iQIVAwUBV8blLK89gD3EAJB5AQI1zxAAx6XCth6kJKS7dwSUct2Bg0hBpw3oazvO
k3H4mFLRgtAx4wX/bR3xoF3z8Fl2X2hdiZRZoulssR3biRfsGhbNvIhXewkRbzcB
DQGA4LLo+XcCu+5mIYhpChTo1ncgBFtku7S0KI7lfTXEAxqQEflt2o5D3LzmTv19
c6R39nnyHQ3guY+7kggEo2TlggSe1SUFBKw2h7k1Rsc422y+d7l4tyLrNbx6tdqm
r97LkpvghekSF8HQBB+rW/sc3h4qf3zIEuvVuuzFay+JVFChSObh3l2WHJyU4j8O
7SlqTzpNvb/19D3byKSTLVSEcadCTus1J4iGJCSQv3tN6EdS2Bm8aRNvg4G4BPXw
kbtS9IEJDg2wFiGte7gWfpfLBhAhgG9FPNcPHzZRjRxIx/OgkGpiPQCuHarOv7Fg
LlXs6GR+cZtn+A9yoohTV4RfXjvfNPUb1+w9jGaRTf5dWtg/XzP3NO7bwftfxAZ2
7nYMvXh95tic1Dm2CKjTCzlgV6kUVyIH2EmUKdvX52GEUcmKhY9A6ZHeCh2gXRcc
HKOuyY5mmDau5HCI1AV0TROzvZTZO15Em0EePWmKnwt46Z+lzoh3vZWRe839qoSQ
n4stxK0hTEVClEkQwj50GZ0XhZlm69m6xwcUEKNmbkc0Tr2jQuKkwLd8ra4pmMnK
bWi/tKyx2Lg=
=0pHi
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list