CVE-2020-3194

Name of the Vulnerable Software and Affected Versions Cisco Webex Network Recording Player for Microsoft Windows (affected versions not specified) Cisco Webex Player for Microsoft Windows (affected versions not specified)

Description A vulnerability exists due to insufficient validation of certain elements within Webex recordings stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). This issue can be exploited by an attacker sending a malicious ARF or WRF file to a user through a link or email attachment, persuading the user to open the file with the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. The vulnerability is also related to a buffer overflow in memory, which can be exploited using specially crafted ARF or WRF files.

Recommendations For Cisco Webex Network Recording Player for Microsoft Windows, consider disabling the ability to open ARF and WRF files until a patch is available. For Cisco Webex Player for Microsoft Windows, restrict access to files in the Advanced Recording Format (ARF) and Webex Recording Format (WRF) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.