Cisco Posts Patches for 5 WexEx Flaws

Cisco has released an update to address multiple security vulnerabilities in the Mac OS X, Windows and Linux versions of its WebEx software.

The company said in a security advisory that versions of the player prior to T27LC SP22 and T27LB SP21 EP3 are vulnerable.

Cisco is deploying the update as an automatic fix for all versions of the player which had previously been automatically installed. Manually installed versions should be replaced by downloading the latest version from the WebEx site.

The fix patches five flaws in the handling of WebEx Recording Format and Advanced Recording Format files.

If exploited, the flaws could allow an attacker to remotely execute code on a targeted system. Other possible risks include privilege escalation and denial-of-service attacks.

No attacks targeting the flaw have been reported in the wild. Cisco credited researchers from Core Security, TippingPoint and FortiGuard Labs with reporting the flaws directly to the company.

print this article

Return to security news headlines
View Security News Archive

Share with: