Guest

Preview Tool

Cisco Bug: CSCvs05073 - Cisco Webex Meetings for Windows DLL Hijacking Vulnerability

Last Modified

Jan 16, 2020

Products (1)

  • Cisco Webex Meetings Online

Known Affected Releases

WBS39.5.0 WBS39.7.0

Description (partial)

Symptom:
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Meetings Client for Windows could allow an authenticated, local attacker to perform a DLL Hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-teams-dll

Conditions:
Software running with the default configuration
Operating system: Windows 7
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.