CVE-2018-0380
Description
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvh70253, CSCvh70268, CSCvh72272, CSCvh72281, CSCvh72285, CSCvi60477, CSCvi60485, CSCvi60490, CSCvi60520, CSCvi60529, CSCvi60533.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Webex Recording Players crash on malformed ARF/WRF files, enabling unauthenticated DoS via social engineering.
Vulnerability
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (.arf) files and the Webex Player for Webex Recording Format (.wrf) files [1]. These flaws are triggered when the player parses specially crafted .arf or .wrf files. Affected versions include the players distributed via Cisco Webex Meetings Suite, Webex Meetings Online, and Webex Meetings Server [1]. Exact version details are available from the referenced Cisco bug IDs (e.g., CSCvh70253) [1]. The ARF player can be automatically installed when a user accesses a recording, while the WRF player is downloaded manually [1].
Exploitation
An attacker can exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file, for example via email or by hosting it on a URL, and convincing the user to open the file in the corresponding Webex recording player [1]. No authentication or special network access is required beyond the ability to deliver the file and induce the user to launch it [1]. The exploitation sequence relies on social engineering: the user double-clicks the file, triggering the vulnerable parsing code.
Impact
Successful exploitation causes the Webex player to crash, resulting in a denial of service (DoS) condition [1]. The attacker does not gain code execution or data access; the impact is limited to application termination, requiring the user to restart the player [1]. The DoS can be repeated each time the user opens the malicious file.
Mitigation
Cisco has released software updates to address these vulnerabilities, as documented in the security advisory [1]. Users should update their Webex Network Recording Player or Webex Player to the latest version provided by Cisco. As a workaround, users should exercise caution when opening .arf or .wrf files from untrusted sources and avoid clicking links or attachments from unknown senders [1]. For systems that have reached end of software maintenance, customers should contact Cisco support [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.securityfocus.com/bid/104880mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1041351mitrevdb-entryx_refsource_SECTRACK
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-dosmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.