Vulnerability CVE-2010-3269
Published: 2011-02-02   Modified: 2012-02-13

Description:
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.

See advisories in our WLB2 database:
Topic
Author
Date
High
Cisco WebEx .atp and .wrf Overflow Vulnerabilities
CORE Security Te...
03.02.2011

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Webex advanced recording format player 
Cisco -> Webex recording format player 

 References:
http://securitytracker.com/id?1025015
http://tools.cisco.com/security/center/viewAlert.x?alertId=22016
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml
http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities
http://www.securityfocus.com/archive/1/516095/100/0/threaded
http://www.securityfocus.com/bid/46075
http://www.vupen.com/english/advisories/2011/0261
https://exchange.xforce.ibmcloud.com/vulnerabilities/65076
Copyright 2024, cxsecurity.com

 

Back to Top