infoTECH Feature

February 02, 2011

Core Security Technologies Finds Vulnerabilities in Cisco Applications

Core Security Technologies, a provider of IT security test and measurement software solutions, has announced in a press release that it found stack overflow vulnerabilities that adversely affect the well-known Cisco WebEx applications used for Web-based video conferencing. During its ongoing vulnerability research, the company's experts addressed two vulnerabilities that can compromise end-user machines and cause the computers to crash. Core Security Technologies offers a range of security test and measurement solutions that help enterprises identify potentially harmful threats and exposures to their most critical assets.

The company's research team, comprising Federico Muttis, Sebastian Tello and Manuel Muradas, found two separate vulnerabilities affecting two different Cisco WebEx applications. When they manipulated a file created by the Cisco WebEx recorder and played it in the WebEx player, parts of the modified file's execution led to a user call instruction that might enable an attacker to execute other functions on the machine. Similarly, when the team slightly modified the XML code in a file that governs polling functionality within Cisco WebEx Meeting Center, the new code crashed the machine and also adversely affected other machines connected to the WebEx meeting.

“Sometimes innocent actions, such as opening an email attachment that appears to be a recorded WebEx presentation, can leave a computer vulnerable to hackers,” commented Alex Horan, Senior Product Manager at Core Security Technologies. “For this reason, Core Security regularly investigates common applications to make sure they do not present new previously unknown vulnerabilities. In this case, a well-known development concern, stack overflow, is at fault. It demonstrates yet again how companies need to be constantly vigilant in testing their systems for new ways data could be compromised.”

After identifying the vulnerabilities, Core Security coordinated with Cisco as part of its responsible disclosure policy, so that WebEx users could be offered a remedy before the announcement was made. The company has recommended that the older version of the WRF WebEx player be uninstalled.

In December 2010, Core Security Technologies announced the official release of its CORE INSIGHT Enterprise, which helps customers to continuously identify and prove real-world exposures to critical assets across the entire organization through automated testing of network systems, web applications, and users through one completely integrated solution.


Raja Singh Chaudhary is a contributing editor for TMCnet.

Edited by Jamie Epstein