CVE-2017-6669 – Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-6669

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. • http://www.securityfocus.com/bid/99196 http://www.securitytracker.com/id/1038737 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •