PT-2018-1193 · Cisco · Cisco Webex Meetings+3

Published: 2018-05-02 · Updated: 2019-10-09 · CVE-2018-0264

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco WebEx Business Suite versions prior to T31.23.4
Cisco WebEx Business Suite versions prior to T32.12
Cisco WebEx Meetings versions prior to T32.12
Cisco WebEx Meetings Server versions prior to 3.0 Patch 1

Description

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. This is due to insufficient input validation in the ARF file processing mechanism. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system.

Recommendations

For Cisco WebEx Business Suite versions prior to T31.23.4, update to version T31.23.4 or later.
For Cisco WebEx Business Suite versions prior to T32.12, update to version T32.12 or later.
For Cisco WebEx Meetings versions prior to T32.12, update to version T32.12 or later.
For Cisco WebEx Meetings Server versions prior to 3.0 Patch 1, apply Patch 1 or later.

As a temporary workaround, consider disabling the ARF file playback feature until a patch is available. Restrict access to ARF files from untrusted sources to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2018-00651
CVE-2018-0264

Affected Products

Cisco Webex Business Suite
Cisco Webex Meetings
Cisco Webex Meetings Server
Cisco Webex Network Recording Player