Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/31/2011
06:01 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Core Security Finds 2 Cisco WebEx Security Vulnerabilities

Stack overflow vulnerabilities can compromise end-user machines and can cause the computers to crash

BOSTON – January 31, 2011 – Core Security Technologies, the market’s leading provider of IT security test and measurement software solutions, today issued an advisory disclosing stack overflow vulnerabilities affecting the popular Cisco WebEx applications used to conduct Web-based video conferencing. As part of Core Security’s ongoing vulnerability research, Core Security experts have identified two vulnerabilities that can compromise end-user machines and can cause the computers to crash.

Core Security researchers Federico Muttis, Sebastian Tello and Manuel Muradas teamed to discover two separate vulnerabilities, each affecting a separate Cisco WebEx application. First, the research team manipulated a file created by the Cisco WebEx recorder (carrying the .WRF extension) and played by the WebEx player. A portion of the new file’s execution pointed to a user call instruction and allowed a hacker to execute other functions on the machine.

Second, the research team made a slight change to the XML code within a file that governs polling functionality within Cisco WebEx Meeting Center. The resulting code, when published as a poll during a presentation, crashed the machine and ultimately affected other machines connected to the WebEx meeting, causing the other participants’ machines to crash.

“Sometimes innocent actions, such as opening an email attachment that appears to be a recorded WebEx presentation, can leave a computer vulnerable to hackers,” said Alex Horan, senior product manager at Core Security Technologies. “For this reason, Core Security regularly investigates common applications to make sure they do not present new previously unknown vulnerabilities. In this case, a well-known development concern, stack overflow, is at fault. It demonstrates yet again how companies need to be constantly vigilant in testing their systems for new ways data could be compromised.”

Vulnerability Specifics

Users are required to install a special player from WebEx to view archived presentations that are executed in WRF format. This player is vulnerable to a stack-based overflow that an attacker may use to control the machine. The WRF bug was found when a CoreLabs researcher employed a well-known fuzzing method by opening a working file and modifying one byte.

As previously discussed, the vulnerability within the WebEx Meeting Center polling functionality was found through an even simpler method, and both vulnerabilities are related to stack overflow errors possible within each application. A stack overflow occurs when a program requests more memory than it has been allotted.

Remediation Recommendations

Keeping with its responsible disclosure policy, Core Security coordinated with Cisco to address the vulnerabilities and provide solutions for WebEx users prior to making this announcement.

To remediate the WRF WebEx player vulnerability, Core Security recommends uninstalling the older version and installing the latest version, which is available here: http://www.webex.com/downloadplayer.html

No remediation is necessary for the WebEx Meeting Center vulnerability, since Cisco has deployed the fix on their servers and WebEx meeting attendees are no longer exposed to the stack overflow issue.

CORE IMPACT Pro customers can also easily determine potential risks to their organization’s systems using the solution. More than 1,000 organizations that use CORE IMPACT Pro can identify if these vulnerabilities expose their systems by immediately running the WebEx exploit module in CORE IMPACT Pro. To watch Core Security’s Alex Horan demonstrate a test against the discovered weaknesses using Core Security’s CORE IMPACT Pro penetration testing solution, read his blog post here: http://blog.coresecurity.com/2011/01/31/a-tale-of-webex-vulnerabilities-and-forgotten-valentines-cards

For more information on this vulnerability and the systems affected, please visit: http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities

About CoreLabs

CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. Research is conducted in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing and cryptography. Results from these efforts include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs

About Core Security Technologies

Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and prove real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.

Core Security’s software solutions build on over a decade of trusted research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.

Contacts: Lesley Sullivan Schwartz Communications 781-684-0770 [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
Kelly Sheridan, Staff Editor, Dark Reading,  11/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Dueling Free Throws A riff on the song Dueling Banjos
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.