Remotely execute programs on Windows systems
The arbitrary program execution security flaw affecting the Windows client is caused by the
improper input validation of URLs supplied to impacted Cisco Webex Meetings Desktop App versions.
CVE-2020-3263 could enable unauthenticated, remote attackers to execute programs on systems running an unpatched Cisco Webex Meetings Desktop App release. An attacker can exploit this vulnerability by tricking the target to click on a malicious URL.
"A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system," Cisco's advisory
reads.
"If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system."