WebEx Productivity Tools Insecure Library Loading

Solutionary ID: SERT-VDN-1019

Risk Rating: Low

CVE ID: CVE-2016-4349

Product: WebEx Productivity Tools

Application Vendor: Cisco

Vendor URL: https://www.webex.com/

Date discovered: 02/17/2016

Discovered by: Jose Hernandez, Jacob Faires, and Solutionary Engineering Research Team (SERT)

Vendor notification date: 03/02/2016

Vendor response date: 03/02/2016

Vendor acknowledgment date: 04/12/2016

Public disclosure date: 04/18/2016

Type of vulnerability: Insecure Library Loading (DLL Hijacking)

Exploit Vectors: Local

Vulnerability Description: WebEx Productivity Tools is vulnerable to a Insecure Library Loading vulnerability. The libraries identified as being vulnerable are msimg32.dll, SXS.dll, RpcRtRemote.dll, CRYPTSP.dll, dwmapi.dll,Secur32.dll, PROPSYS.dll, ntmarta.dll, UXTheme.dll, and Riched20.dll. The vulnerability lies in the way Microsoft Windows loads DLLs. If applications fail to load a library from a path, Microsoft Windows searches several default paths to find and load the library. A malicious attacker can create a malicious DLL with the same name and place it in a directory where Microsoft Windows searches by default. The application will load the malicious DLL resulting in arbitrary code execution.

Tested on: Windows 7 SP1

Affected software versions: 2.40.5001.10012

Impact: Successful exploitation allows local arbitrary code execution.

Fixed in: No Plans For Patch

Remediation guidelines: Restrict access to the application to trusted networks and enforce strict restrictions for access to the application libraries.  Update the software should a patch become available.