====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN190
_____________________________________________________________________

DATE                : 21/06/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco WebEx Network Recording
                                       Player.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
____________________________________________________________________

Cisco Security Advisory: Cisco WebEx Network Recording Player Multiple
Buffer Overflow Vulnerabilities

Advisory ID: cisco-sa-20170621-wnrp

Revision: 1.0

For Public Release: 2017 June 21 16:00 GMT

Last Updated: 2017 June 21 16:00 GMT

CVE ID(s): CVE-2017-6669

CVSS Score v(3): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx
Network Recording Player for Advanced Recording Format (ARF) files. An
attacker could exploit these vulnerabilities by providing a user with a
malicious ARF file via email or URL and convincing the user to launch
the file. Exploitation of these vulnerabilities could cause an affected
player to crash and, in some cases, could allow arbitrary code
execution on the system of a targeted user.

The Cisco WebEx Network Recording Player is an application that is used
to play back WebEx meeting recordings that have been recorded on the
computer of an online meeting attendee. The player can be automatically
installed when the user accesses a recording file that is hosted on a
WebEx server.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp"]

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================