CVE-2009-2877

Name of the Vulnerable Software and Affected Versions: Cisco WebEx WRF Player versions 26.x through 26.49.31 for Windows Cisco WebEx WRF Player versions 27.x through 27.9.x for Windows Cisco WebEx WRF Player versions 26.x through 26.49.34 for Mac OS X and Linux Cisco WebEx WRF Player versions 27.x through 27.11.7 for Mac OS X and Linux

Description: The issue is a stack-based buffer overflow in the ataudio.dll component. It allows remote attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.

Recommendations: For Cisco WebEx WRF Player versions 26.x through 26.49.31 for Windows, update to version 26.49.32 or later. For Cisco WebEx WRF Player versions 27.x through 27.9.x for Windows, update to version 27.10.x or later. For Cisco WebEx WRF Player versions 26.x through 26.49.34 for Mac OS X and Linux, update to version 26.49.35 or later. For Cisco WebEx WRF Player versions 27.x through 27.11.7 for Mac OS X and Linux, update to version 27.11.8 or later.