Uočen je nedostatak vezan uz Cisco WebEx Player kojeg zlonamjerni napadači mogu iskoristiti za proizvoljno izvršavanje programskog koda.
Paket:
Cisco WebEx Player
Operacijski sustavi:
Apple Mac OS X 10.5, Apple Mac OS X 10.6, HP-UX 11.x, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Ubuntu Linux 10.04, Ubuntu Linux 11.0, Ubuntu Linux 11.04, Ubuntu Linux 12.04
Problem:
preljev međuspremnika
Iskorištavanje:
udaljeno
Posljedica:
proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
cisco-sa-20120627-webex
Izvor:
Cisco
Problem:
Uočeno je da dolazi do preljeva međuspremnika u radu komponenti Cisco WRF (eng. WebEx Recording Format) player i Cisco ARF (eng. Advanced Recording Format) player.
Posljedica:
Udaljeni napadači navedeni nedostak mogu iskoristiti za proizvoljno izvršavanje programskog koda.
Rješenje:
Savjetuje se instalacija programskih zakrpi proizvođača.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco
WebEx Player
Advisory ID: cisco-sa-20120627-webex
Revision 1.0
For Public Release 2012 June 27 16:00 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
The Cisco WebEx Recording Format (WRF) player contains four buffer
overflow vulnerabilities and the Cisco Advanced Recording Format (ARF)
player contains one buffer overflow vulnerability. In some cases,
exploitation of the vulnerabilities could allow a remote attacker to
execute arbitrary code on the system with the privileges of a targeted
user.
The Cisco WebEx Players are applications that are used to play back
WebEx meeting recordings that have been recorded on a WebEx meeting
site or on the computer of an online meeting attendee. The players can
be automatically installed when the user accesses a recording file that
is hosted on a WebEx meeting site. The players can also be manually
installed for offline playback after downloading the application from
http://www.webex.com/play-webex-recording.html.
If the WRF or ARF players were automatically installed, they will be
automatically upgraded to the latest, nonvulnerable version when users
access a recording file that is hosted on a WebEx meeting site. If the
WRF or ARF player was manually installed, users will need to manually
install a new version of the player after downloading the latest version
from http://www.webex.com/play-webex-recording.html.
Cisco has updated affected versions of the WebEx meeting sites and WRF
and ARF players to address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120627-webex
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk/rJEUACgkQUddfH3/BbTq0xwD5AcfRxNUZIGqkAH2Ly2/F2gm1
dNWaKy1hIfBIkk4oFVwA/1nlXcK77u6J/kNERLpg04SFvNh7HSYY2A7XU6BLeCy+
=eBKD
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
To unsubscribe, send the command "unsubscribe" in the subject of your message to
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke