Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mercredi 2 mai 2018

Cisco WebEx ARF Remote Code Execution Vulnerabilities (CERT-EU Security Advisory 2018-013)

On May 2nd, 2018, Cisco published two advisories for remote code execution vulnerabilities, CVE-2018-0287 (medium) and CVE-2018-0264 (critical) in the various Cisco WebEx Players. The players are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The records are using the Advanced Recording Format (ARF). An attacker could exploit these vulnerabilities by sending a link or an e-mail attachment with a malicious ARF file and persuading the target to open the malicious file. Successful exploitation could allow the attacker to execute arbitrary code on the target system.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 259

x

Événements SSI