====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN148

_____________________________________________________________________

DATE                : 16/05/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows running Cisco Webex Network Recording
                               Player, Cisco Webex Player.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player
_____________________________________________________________________

Cisco Security Advisory: Cisco Webex Network Recording Player Arbitrary
Code Execution Vulnerabilities


Advisory ID: cisco-sa-20190515-webex-player

Revision: 1.0

For Public Release: 2019 May 15 16:00 GMT

Last Updated: 2019 May 15 16:00 GMT

CVE ID(s): CVE-2019-1771, CVE-2019-1772, CVE-2019-1773

CVSS Score v(3): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

Multiple vulnerabilities in the Cisco Webex Network Recording Player for
Microsoft Windows and the Cisco Webex Player for Microsoft Windows could
allow an attacker to execute arbitrary code on an affected system.

The vulnerabilities exist because the affected software improperly
validates Advanced Recording Format (ARF) and Webex Recording Format
(WRF) files. An attacker could exploit these vulnerabilities by sending
a user a malicious ARF or WRF file via a link or email attachment and
persuading the user to open the file with the affected software on the
local system. A successful exploit could allow the attacker to execute
arbitrary code on the affected system.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability. No exploit
code proving exploitability of the vulnerabilities is publicly
available.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player"]

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================