Executive Summary
| Summary | |
|---|---|
| Title | Multiple Cisco WebEx WRF Player Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20091216-webex | First vendor Publication | 2009-10-05 |
| Vendor | Cisco | Last vendor Modification | 2009-12-16 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The WRF Player can be automatically installed when the user accesses a WRF file that is hosted on a WebEx server. The WRF Player can also be manually installed for offline playback after downloading the application from www.webex.com. If the WRF Player was automatically installed, the WebEx WRF Player will be automatically upgraded to the latest, non-vulnerable version when users access a WRF file hosted on a WebEx server. If the WebEx WRF Player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com. Cisco has released free software updates that address these vulnerabilities. |
Original Source
| Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0 (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 6 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 61130 | Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2880) |
| 61129 | Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2879) |
| 61128 | Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2878) |
| 61127 | Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2877) |
| 61126 | Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2876) |
| 61125 | Cisco WebEx WRF Player WRF File Handling Unspecified Overflow (CVE-2009-2875) |
