Guest

Preview Tool

Cisco Bug: CSCvu29136 - Cisco Webex Meetings Desktop App for Windows Insecure DLL Search Order

Last Modified

Jun 04, 2020

Products (1)

  • Cisco Webex Meetings Online

Known Affected Releases

WBS40.4.8 WBS40.6.0

Description (partial)

Symptom:
Cisco Webex Meetings Desktop App for Windows insecurely searches for DLL libraries in user profile temporary directories during system installation. By default, temporary directories within the path of the application require administrator privileges to write to the directory.

A local user with administrator privileges could place a file in the path of the application and leverage this behavior to cause the application to load malicious libraries. 

However, the attacker could gain no additional privileges on the system as a result of leveraging this issue, because the user must already have privileges to write to critical system areas and already exerts complete control over the system.

Conditions:
An attacker on the local system with administrator privileges.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.