Cisco WebEx Player ARF String Parsing Remote Code Execution VulnerabilityZDI-10-155: August 23rd, 2010
TippingPoint™ IPS Customer ProtectionTippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 9936. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists during the parsing of strings defined within the ARF file format. Strings are typically prefixed by their valid length. By supplying a string much longer than the defined length a heap overflow will occur which can be further leveraged to execute arbitrary code under the context of the current user.
Vendor ResponseCisco states:
This issue has been resolved in T27FR14, deployed to WebEx customers in April.
2010-01-06 - Vulnerability reported to vendor
2010-08-23 - Coordinated public release of advisory
CreditThis vulnerability was discovered by:
Gabriel Menezes Nunes