Cisco WebEx WRF和ARF文件格式多个远程缓冲区溢出漏洞

发布日期:2012-06-27
更新日期:2012-06-28

受影响系统:
Cisco WebEx 28
Cisco WebEx 27
Cisco WebEx (Windows) T27 SP28
Cisco WebEx (Windows) T27 SP25 EP3
Cisco WebEx (Windows) T27 SP23
Cisco WebEx (Windows) T27 SP21 EP9
Cisco WebEx (Windows) T27 SP11 EP23
Cisco WebEx (Windows) T27 LD SP32 CP1
Cisco WebEx (Windows) T27 LD SP32
Cisco WebEx (Windows) T27 LC SP25 EP9
Cisco WebEx (Windows) T27 LC SP25 EP10
Cisco WebEx (Windows) T27 LB SP21 EP10
Cisco WebEx (Windows) T27 L SP11 EP26
Cisco WebEx (Windows) T27 FR20
Cisco WebEx (Windows) T26 SP49 EP40
Cisco WebEx (Windows) 27LC SP22
Cisco WebEx (Windows) 27LB SP21 EP3
Cisco WebEx (Windows) 27.10
Cisco WebEx (Windows) 27.00
Cisco WebEx (Windows) 26.49.32
Cisco WebEx (Windows) 26.00
Cisco WebEx (Mac OS X) T27 SP28
Cisco WebEx (Mac OS X) T27 SP25 EP3
Cisco WebEx (Mac OS X) T27 SP23
Cisco WebEx (Mac OS X) T27 SP21 EP9
Cisco WebEx (Mac OS X) T27 SP11 EP23
Cisco WebEx (Mac OS X) T27 LD SP32 CP1
Cisco WebEx (Mac OS X) T27 LD SP32
Cisco WebEx (Mac OS X) T27 LD SP32
Cisco WebEx (Mac OS X) T27 LC SP25 EP9
Cisco WebEx (Mac OS X) T27 LC SP25 EP10
Cisco WebEx (Mac OS X) T27 LB SP21 EP10
Cisco WebEx (Mac OS X) T27 L SP11 EP26
Cisco WebEx (Mac OS X) T27 FR20
Cisco WebEx (Mac OS X) T26 SP49 EP40
Cisco WebEx (Mac OS X) 27LC SP22
Cisco WebEx (Mac OS X) 27LB SP21 EP3
Cisco WebEx (Mac OS X) 27.11.8
Cisco WebEx (Mac OS X) 27.00
Cisco WebEx (Mac OS X) 26.49.35
Cisco WebEx (Mac OS X) 26.00
Cisco WebEx (Ma T27 LD SP32
Cisco WebEx (Linux) T27 SP28
Cisco WebEx (Linux) T27 SP25 EP3
Cisco WebEx (Linux) T27 SP23
Cisco WebEx (Linux) T27 SP21 EP9
Cisco WebEx (Linux) T27 SP11 EP23
Cisco WebEx (Linux) T27 LD SP32 CP1
Cisco WebEx (Linux) T27 LD SP32
Cisco WebEx (Linux) T27 LC SP25 EP9
Cisco WebEx (Linux) T27 LC SP25 EP10
Cisco WebEx (Linux) T27 LB SP21 EP10
Cisco WebEx (Linux) T27 L SP11 EP26
Cisco WebEx (Linux) T27 FR20
Cisco WebEx (Linux) T26 SP49 EP40
Cisco WebEx (Linux) 27LC SP22
Cisco WebEx (Linux) 27LB SP21 EP3
Cisco WebEx (Linux) 27.11.8
Cisco WebEx (Linux) 27.11.8
Cisco WebEx (Linux) 27.00
Cisco WebEx (Linux) 26.49.35
Cisco WebEx (Linux) 26.00
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 54213
CVE(CAN) ID: CVE-2012-3053,CVE-2012-3054,CVE-2012-3055,CVE-2012-3056,CVE-2012-3057

WebEx会议服务是Cisco WebEx管理和维护的托管多媒体会议解决方案。WRF文件格式用于存储WebEx会议记录。播放器是用于回放和编辑记录文件。Cisco WebEx Player是用于回放在WebEx会议站点上或在线会议参加者上记录的会议内容。当用户访问WebEx会议站点上的记录文件时,可自动安装播放器。也可下载后手动安装。

Cisco WebEx在实现上存在多个远程缓冲器溢出漏洞,攻击者可利用这些漏洞在运行受影响应用时执行任意代码。

<*来源:iDEFENSE
  *>

建议:
--------------------------------------------------------------------------------
厂商补丁:

Cisco
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.cisco.com/warp/public/707/advisory.html