Cisco released patches for multiple vulnerabilities in its WebEx Recording Format and Advanced Recoding Format Players to address vulnerabilities.
The flaws could cause an affected player to crash and in some cases allow arbitrary code execution on the system if a remote attacker sent a malicious ARF or WRF file via email or URL and convincing the user to launch the file, according to a Cisco advisory last updated Nov. 30, 2017.
The patch has a “Critical” severity rating and addresses CVE-2017-12367, CVE-2017-12368, CVE-2017-12369, CVE-2017-12370, CVE-2017-12371, and CVE-2017-12372.
“The vulnerabilities disclosed in this advisory affect the Cisco WebEx ARF Player and the Cisco WebEx WRF Player,” the advisory said. “The following client builds of Cisco WebEx Business Suite (WBS30, WBS 31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected by at least one of the vulnerabilities described in this advisory”
There are no workarounds to address these vulnerabilities however, it is possible to remove all WebEx software completely from a system using the Meeting Services Removal Tool (for Microsoft Windows users) or Mac WebEx Meeting Application Uninstaller (for Apple Mac OS X users).