Executive Summary
| Summary | |
|---|---|
| Title | Buffer Overflow Vulnerabilities in the Cisco WebEx Player |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20111026-webex | First vendor Publication | N/A |
| Vendor | Cisco | Last vendor Modification | 2011-10-26 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from www.webex.com If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com Cisco has released free software updates that address these vulnerabilities. |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 76571 | Cisco WebEx Player ATAS32 Component WRF File linesProcessed Value Handling Ov... |
| 76570 | Cisco WebEx Player Unspecified WRF File Handling Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Cisco WebEx recording integer overflow attempt RuleID : 26433 - Revision : 4 - Type : FILE-OTHER |
| 2014-01-10 | Cisco WebEx recording integer overflow attempt RuleID : 26432 - Revision : 4 - Type : FILE-OTHER |
| 2014-01-10 | Cisco WebEx player remote code execution attempt RuleID : 25341 - Revision : 7 - Type : FILE-OTHER |
| 2014-01-10 | Oracle outside in Lotus 1-2-3 heap overflow attempt RuleID : 24029 - Revision : 9 - Type : FILE-OTHER |
| 2014-01-10 | Oracle outside in Lotus 1-2-3 heap overflow attempt RuleID : 23346 - Revision : 10 - Type : FILE-OTHER |
| 2014-01-10 | Cisco WebEx recording integer overflow attempt RuleID : 23101 - Revision : 9 - Type : FILE-OTHER |
| 2014-01-10 | Cisco WebEx recording integer overflow attempt RuleID : 23100 - Revision : 9 - Type : FILE-OTHER |
| 2014-01-10 | Cisco Webex selector and size2 subrecords corruption attempt RuleID : 21116 - Revision : 12 - Type : FILE-OTHER |
Alert History
| Date | Informations |
|---|---|
| 2014-01-19 21:20:31 |
|
