Cisco plugs critical hole in WebEx, users urged to upgrade ASAP

Cisco has fixed a critical vulnerability in its WebEx videoconferencing software that could be exploited to compromise meeting attendees’ systems by simply opening a booby-trapped Flash file shared in a meeting. The flaw is due to insufficient input validation by the Cisco WebEx clients, and affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server.

“To exploit this vulnerability, the client application would require a meeting attendee to open a malicious Flash file. An attacker may be able to accomplish this exploit by providing the malicious .swf file directly to users via the file-sharing capabilities of the client,” Cisco explained in an advisory published on Wednesday.

Read more about the critical vulnerability in WebEx, which luckily is not currently being exploited in the wild, on Help Net Security.