There are four buffer overflow vulnerabilities in the Cisco WebEx player and one buffer overflow in the Cisco Advanced Format player running on Windows, Mac OS X and Linux.
The vulnerabilities could allow an attacker to execute code on a system, Cisco officials said. The players play back WebEx meeting recordings and automatically install when required by WebEx meetings.
The problem exists in WebEx Business Suite with client builds 28.0.0, 27.32.1 (and earlier), 27.25.10 (and earlier), 27.21.10 (and earlier) and 27.11.26 (and earlier).
Exploiting the applications requires the playback of a maliciously constructed recording file, which can reach the user either as an email attachment or through a malicious web page the user is persuaded to visit; the vulnerabilities are not exploitable within a WebEx meeting.
Where Cisco WebEx clients have been automatically installed, the company said they will automatically update. Customers who do not receive automatic updates can get updated players for Windows and Mac OS X from the Get WebEx Player page. Other versions and updates require contacting Cisco support.