Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Networking

    Cisco Patches Two Stack Overflow Bugs in WebEx Software

    By
    Fahmida Y. Rashid
    -
    February 1, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Researchers at Core Security Technologies issued an advisory warning on Jan. 31 about two stack overflow vulnerabilities in Cisco WebEx applications. These vulnerabilities grant attackers code execution privileges on the machine, according to Core Security.

      The stack-based overflow vulnerabilities were found in the WebEx player, used to view archived WebEx presentations, and in WebEx Meeting Center’s polling functionality. Core Security alerted Cisco to both security issues on Oct. 4, according to the published security advisory.

      Cisco fixed the issue in WebEx Meeting Center in early January, but estimated it may take up to four weeks to “end of January, beginning of February,” before all the customers are updated to the same version of the code. The WebEx player bug was fixed with the new version released Feb. 1, Alex Horan, director of product management at Core Security, told eWEEK.

      “Sometimes innocent actions, such as opening an e-mail attachment that appears to be a recorded WebEx presentation, can leave a computer vulnerable to hackers,” said Horan.

      The WebEx player flaw was exploited via a manipulated WRF file, Horan said. The security team changed a .WRF file created by the Cisco WebEx recorder application by modifying one byte of the working file, Horan said. When the manipulated file was played in the WebEx player, it caused a stack overflow, giving attackers operating-system level control of the machine, he said.

      “Just because you haven’t used a program or have forgotten it is installed doesn’t mean it can’t come back to haunt you,” said Horan.

      It was a little difficult to estimate the extent of the problem, since the WebEx player is not as widely installed as Office or Web browsers, according to Horan. Users may have installed the WebEx player at one time to view a recording of a meeting and not have bothered to uninstall it afterward, he said. Even though it would be hard for the attacker to know who has it installed within an organization, “all it takes is someone to send a specially crafted file with the .WRF extension,” he said.

      When the WRF player attempts to play that malicious file, the exploit code can execute a process outside of the player so that it stays in the computer’s memory after the user closes the player, Horan said. At this point, the exploit can perform an action or phone home to the attacker for instructions on what to do next, he said. Core researchers created a proof-of-concept where the exploit escaped the player and opened up the Calculator application, he said. While there were some tricks to do it in a way the antivirus couldn’t detect it, it was not considered very difficult to do, he said.

      According to Federico Muttis, one of the Core Security researchers who uncovered the bug, the team had a “working proof of concept” in “about 10 minutes.” The Core Security team included researchers Sebastian Tello and Manuel Muradas, as well.

      WebEx has not had many security problems, and attackers have not generally used it as an attack vector, so antivirus products are not likely to be scanning or checking WRF files, Horan said.

      The bug in the WebEx Meeting Center was in the ATP polling functionality, Horan said. The WebEx Meeting Center application allows connected participants to create and respond to polls during the course of a meeting. A malicious user could introduce a modified poll during a WebEx meeting to gain control of the connected machines, he said. The users didn’t need to respond to the poll at all, he said.

      The exploit used the ATP file in a text editor by putting in an “overly long” string into the XML file, Muttis said. When the modified ATP file was published as a poll, the client crashed immediately. “That alone would have been good enough for a client-side Cisco WebEx Meeting Center exploit,” Muttis said. The stack overflow generated with the exploit wasn’t limited to just the client that uploaded the file, but any participants connected to the meeting, according to Muttis.

      Since WebEx Meeting Center is a software-as-a-service product, the fix was immediately pushed out to customers during their next WebEx meeting, Horan said. WebEx attendees should no longer encounter this particular stack overflow issue, he said.

      The WebEx player vulnerability is fixed in the latest version of the software, available online. Since the software doesn’t have an auto-update function or the ability to look for the latest update, users will have to manually uninstall and reinstall the latest version to ensure the fix is installed, Horan said.

      Avatar
      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×