Executive Summary

Title Cisco WebEx Meetings Player Arbitrary Code Execution
Name cisco-sa-20160831-meetings-player First vendor Publication 2016-08-31
Vendor Cisco Last vendor Modification 2016-08-31
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in Cisco WebEx Player could allow an unauthenticated, remote attacker to execute arbitrary code.

The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user.

Cisco has released software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player


iQIVAwUBV8blLK89gD3EAJB5AQI1zxAAx6XCth6kJKS7dwSUct2Bg0hBpw3oazvO k3H4mFLRgtAx4wX/bR3xoF3z8Fl2X2hdiZRZoulssR3biRfsGhbNvIhXewkRbzcB DQGA4LLo+XcCu+5mIYhpChTo1ncgBFtku7S0KI7lfTXEAxqQEflt2o5D3LzmTv19 c6R39nnyHQ3guY+7kggEo2TlggSe1SUFBKw2h7k1Rsc422y+d7l4tyLrNbx6tdqm r97LkpvghekSF8HQBB+rW/sc3h4qf3zIEuvVuuzFay+JVFChSObh3l2WHJyU4j8O 7SlqTzpNvb/19D3byKSTLVSEcadCTus1J4iGJCSQv3tN6EdS2Bm8aRNvg4G4BPXw kbtS9IEJDg2wFiGte7gWfpfLBhAhgG9FPNcPHzZRjRxIx/OgkGpiPQCuHarOv7Fg LlXs6GR+cZtn+A9yoohTV4RfXjvfNPUb1+w9jGaRTf5dWtg/XzP3NO7bwftfxAZ2 7nYMvXh95tic1Dm2CKjTCzlgV6kUVyIH2EmUKdvX52GEUcmKhY9A6ZHeCh2gXRcc HKOuyY5mmDau5HCI1AV0TROzvZTZO15Em0EePWmKnwt46Z+lzoh3vZWRe839qoSQ n4stxK0hTEVClEkQwj50GZ0XhZlm69m6xwcUEKNmbkc0Tr2jQuKkwLd8ra4pmMnK bWi/tKyx2Lg= =0pHi END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Application 1

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-09-06 21:21:46
  • Multiple Updates
2016-09-04 05:25:31
  • Multiple Updates
2016-08-31 21:25:25
  • First insertion