Vulnerabilities in Cisco WebEx conferencing applications

Core Security Technologies disclosed stack overflow vulnerabilities affecting the Cisco WebEx applications used to conduct Web-based video conferencing. They identified two vulnerabilities that can compromise end-user machines and can cause the computers to crash.

They discovered two separate vulnerabilities, each affecting a separate Cisco WebEx application. First, the research team manipulated a file created by the Cisco WebEx recorder (carrying the .WRF extension) and played by the WebEx player. A portion of the new file’s execution pointed to a user call instruction and allowed a hacker to execute other functions on the machine.

Second, the research team made a slight change to the XML code within a file that governs polling functionality within Cisco WebEx Meeting Center. The resulting code, when published as a poll during a presentation, crashed the machine and ultimately affected other machines connected to the WebEx meeting, causing the other participants’ machines to crash.

Vulnerability specifics

Users are required to install a special player from WebEx to view archived presentations that are executed in WRF format. This player is vulnerable to a stack-based overflow that an attacker may use to control the machine. The WRF bug was found when a CoreLabs researcher employed a well-known fuzzing method by opening a working file and modifying one byte.

As previously discussed, the vulnerability within the WebEx Meeting Center polling functionality was found through an even simpler method, and both vulnerabilities are related to stack overflow errors possible within each application. A stack overflow occurs when a program requests more memory than it has been allotted.

Solution

To remediate the WRF WebEx player vulnerability install the latest version. No remediation is necessary for the WebEx Meeting Center vulnerability, since Cisco has deployed the fix on their servers and WebEx meeting attendees are no longer exposed to the stack overflow issue.