Executive Summary
Summary | |
---|---|
Title | Buffer Overflow Vulnerabilities in the Cisco WebEx Player |
Informations | |||
---|---|---|---|
Name | cisco-sa-20120404-webex | First vendor Publication | 2012-04-04 |
Vendor | Cisco | Last vendor Modification | 2012-04-04 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from www.webex.com. If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com. Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex BEGIN PGP SIGNATURE Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk98YzcACgkQQXnnBKKRMNCTmQD/VY6JJbsShxFPEOhYw/LWLtkE yW4X11Smv2wub8CSMWQA/i4FPoQK9LFWzv6Vtskr7GvTF9i6RNOs5sffl+WilfCC =H8ML END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Cisco WebEx recording integer overflow attempt RuleID : 28263 - Revision : 4 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 25000 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24999 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24998 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24997 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24685 - Revision : 6 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24684 - Revision : 6 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24683 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24682 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24681 - Revision : 6 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24680 - Revision : 9 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24679 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording format buffer overflow attempt RuleID : 24678 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Cisco WebEx recording integer overflow attempt RuleID : 23269 - Revision : 11 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-04-06 | Name : The video player installed on the remote Windows host has multiple buffer ove... File : cisco-sa-20120404-webex.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:22:04 |
|
2014-01-19 21:20:31 |
|
2013-02-06 19:07:59 |
|