Vulnerabilites related to cisco - webex
CVE-2017-3823 (GCVE-0-2017-3823)
Vulnerability from cvelistv5
Published
2017-02-01 11:00
Modified
2024-08-05 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco WebEx browser extensions |
Version: Cisco WebEx browser extensions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037680"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx browser extensions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx browser extensions"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037680"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx browser extensions",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx browser extensions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"name": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"name": "https://blog.filippo.io/webex-extension-vulnerability/",
"refsource": "MISC",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-3823",
"datePublished": "2017-02-01T11:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:40.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2875 (GCVE-0-2009-2875)
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37810"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "61125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61125"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37810"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "61125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61125"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2009-48.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37810"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.html"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "61125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61125"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023360"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-2875",
"datePublished": "2009-12-18T19:00:00",
"dateReserved": "2009-08-19T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2877 (GCVE-0-2009-2877)
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61127"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.html"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61127"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.html"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2009-48.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61127",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61127"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023360"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.html"
},
{
"name": "37352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-2877",
"datePublished": "2009-12-18T19:00:00",
"dateReserved": "2009-08-19T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6399 (GCVE-0-2012-6399)
Vulnerability from cvelistv5
Published
2013-05-27 14:00
Modified
2024-09-16 22:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-27T14:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "51412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-6399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-6399",
"datePublished": "2013-05-27T14:00:00Z",
"dateReserved": "2012-12-16T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:14.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2878 (GCVE-0-2009-2878)
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2009-48.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61128"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html",
"refsource": "MISC",
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023360"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-2878",
"datePublished": "2009-12-18T19:00:00",
"dateReserved": "2009-08-19T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3425 (GCVE-0-2013-3425)
Vulnerability from cvelistv5
Published
2013-07-31 01:00
Modified
2024-08-06 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:38.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130730 Cisco WebEx Information Disclosure through Inconsistent Error Messages Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425"
},
{
"name": "cisco-webex-cve20133425-info-disc(86150)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150"
},
{
"name": "95876",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130730 Cisco WebEx Information Disclosure through Inconsistent Error Messages Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425"
},
{
"name": "cisco-webex-cve20133425-info-disc(86150)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150"
},
{
"name": "95876",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130730 Cisco WebEx Information Disclosure through Inconsistent Error Messages Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425"
},
{
"name": "cisco-webex-cve20133425-info-disc(86150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150"
},
{
"name": "95876",
"refsource": "OSVDB",
"url": "http://osvdb.org/95876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-3425",
"datePublished": "2013-07-31T01:00:00",
"dateReserved": "2013-05-06T00:00:00",
"dateUpdated": "2024-08-06T16:07:38.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2879 (GCVE-0-2009-2879)
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2009-48.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61129",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61129"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023360"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-2879",
"datePublished": "2009-12-18T19:00:00",
"dateReserved": "2009-08-19T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2876 (GCVE-0-2009-2876)
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37810"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "61126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61126"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37810"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "61126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61126"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2009-48.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html",
"refsource": "MISC",
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html"
},
{
"name": "37810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37810"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "61126",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61126"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023360"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-2876",
"datePublished": "2009-12-18T19:00:00",
"dateReserved": "2009-08-19T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2880 (GCVE-0-2009-2880)
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37810"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atrpui.dos.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"name": "61130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37810"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atrpui.dos.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"name": "61130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61130"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2009-48.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37810"
},
{
"name": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atrpui.dos.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atrpui.dos.html"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "1023360",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023360"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"name": "61130",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61130"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-2880",
"datePublished": "2009-12-18T19:00:00",
"dateReserved": "2009-08-19T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://secunia.com/advisories/37810 | Vendor Advisory | |
| psirt@cisco.com | http://securitytracker.com/id?1023360 | ||
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| psirt@cisco.com | http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.html | ||
| psirt@cisco.com | http://www.osvdb.org/61125 | ||
| psirt@cisco.com | http://www.securityfocus.com/bid/37352 | ||
| psirt@cisco.com | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| psirt@cisco.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37810 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/61125 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37352 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "B166A339-531A-4EEC-A0B2-ED84F0D7ED9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E089FB47-7DFA-46AA-BDEF-19B9154E7032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "08DA35E1-8C66-47A8-8E9E-7F0C4272F3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "A3565994-AF5D-45D5-9F0D-1AFD2D33336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "ADD29395-572F-464B-A8A1-B888603343C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "5257EB4E-CC29-4077-AC69-EBF6966C8FB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en atas32.dll en Cisco WebEx WRF Player v26.x antes de v26.49.32 para Windows, v27.x antes v27.10.x para Windows, v26.x antes de v26.49.35 para Mac OS X y Linux, y v27.x antes de v27.11.8 para Mac OS X y Linux, permite a atacantes remotos causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de formato de grabaci\u00f3n WebEx (.wrf) debidamente modificado."
}
],
"id": "CVE-2009-2875",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-18T19:30:00.313",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "psirt@cisco.com",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.osvdb.org/61125"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/61125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-27 14:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://secunia.com/advisories/51412 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51412 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex:4.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4D712188-904F-4E96-8F0F-D1795AC2D976",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176."
},
{
"lang": "es",
"value": "Cisco WebEx v4.1 en iOS no comprueba que el nombre del servidor coincida con el nombre de dominio en el Common Name (CN) del certificado o el campo subjectAltName del certificado X.509, permitiendo ataques man-in-the-middle para falsificar servidores SSL mediante un certificado v\u00e1lido de su elecci\u00f3n, tambi\u00e9n conocido como Bug ID CSCud94176."
}
],
"id": "CVE-2012-6399",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-27T14:55:01.037",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51412"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-31 13:20
Modified
2025-04-11 00:51
Severity ?
Summary
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://osvdb.org/95876 | ||
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425 | Vendor Advisory | |
| psirt@cisco.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/86150 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/95876 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/86150 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2071CD29-0DF8-4B7C-B4BC-76236DC86605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965."
},
{
"lang": "es",
"value": "El componente Meeting Center en Cisco WebEx 11 genere mensajes de error distintos para los intentos de acceso a ficheros dependiendo si un archivo existe, lo que permite a usuarios autenticados remotamente el listado de archivos a trav\u00e9s de una serie de llamadas SPI. Aka Bug ID CSCuc35965."
}
],
"id": "CVE-2013-3425",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-31T13:20:18.877",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/95876"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://secunia.com/advisories/37810 | Vendor Advisory | |
| psirt@cisco.com | http://securitytracker.com/id?1023360 | ||
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| psirt@cisco.com | http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html | ||
| psirt@cisco.com | http://www.osvdb.org/61129 | ||
| psirt@cisco.com | http://www.securityfocus.com/bid/37352 | ||
| psirt@cisco.com | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| psirt@cisco.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37810 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/61129 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37352 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "B166A339-531A-4EEC-A0B2-ED84F0D7ED9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E089FB47-7DFA-46AA-BDEF-19B9154E7032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "08DA35E1-8C66-47A8-8E9E-7F0C4272F3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "A3565994-AF5D-45D5-9F0D-1AFD2D33336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "ADD29395-572F-464B-A8A1-B888603343C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "5257EB4E-CC29-4077-AC69-EBF6966C8FB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en atas32.dll en Cisco WebEx WRF Player v26.x antes de v26.49.32 (alias T26SP49EP32) para Windows, v27.x antes de v27.10.x (alias T27SP10) para Windows, v26.x antes de v26.49.35 para Mac OS X y Linux, y v27.x antes v27.11.8 para Mac OS X y Linux, permite a atacantes remotos causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de Formato de grabaci\u00f3n WebEx (.wrf) debidamente modificado. Se trata de una vulnerabilidad diferente a CVE-2009-2876 y CVE-2009-2878."
}
],
"id": "CVE-2009-2879",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-18T19:30:00.453",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "psirt@cisco.com",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.osvdb.org/61129"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/61129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html | ||
| psirt@cisco.com | http://secunia.com/advisories/37810 | Vendor Advisory | |
| psirt@cisco.com | http://securitytracker.com/id?1023360 | ||
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| psirt@cisco.com | http://www.osvdb.org/61126 | ||
| psirt@cisco.com | http://www.securityfocus.com/bid/37352 | ||
| psirt@cisco.com | http://www.vupen.com/english/advisories/2009/3574 | Vendor Advisory | |
| psirt@cisco.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37810 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/61126 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37352 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3574 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "B166A339-531A-4EEC-A0B2-ED84F0D7ED9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E089FB47-7DFA-46AA-BDEF-19B9154E7032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "08DA35E1-8C66-47A8-8E9E-7F0C4272F3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "A3565994-AF5D-45D5-9F0D-1AFD2D33336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "ADD29395-572F-464B-A8A1-B888603343C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "5257EB4E-CC29-4077-AC69-EBF6966C8FB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en atas32.dll en Cisco WebEx WRF Player v26.x antes de v26.49.32 (alias T26SP49EP32) para Windows, v27.x antes de v27.10.x (alias T27SP10) para Windows, v26.x antes de v26.49.35 para Mac OS X y Linux, y v27.x antes v27.11.8 para Mac OS X y Linux, permite a atacantes remotos causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de formato de grabaci\u00f3n WebEx (.wrf) debidamente modificado. Se trata de una vulnerabilidad diferente a CVE-2009-2878 y CVE-2009-2879."
}
],
"id": "CVE-2009-2876",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-18T19:30:00.343",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "psirt@cisco.com",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.osvdb.org/61126"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/61126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://secunia.com/advisories/37810 | Vendor Advisory | |
| psirt@cisco.com | http://securitytracker.com/id?1023360 | ||
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| psirt@cisco.com | http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.html | ||
| psirt@cisco.com | http://www.osvdb.org/61127 | ||
| psirt@cisco.com | http://www.securityfocus.com/bid/37352 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| psirt@cisco.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37810 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/61127 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37352 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "B166A339-531A-4EEC-A0B2-ED84F0D7ED9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E089FB47-7DFA-46AA-BDEF-19B9154E7032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "08DA35E1-8C66-47A8-8E9E-7F0C4272F3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "A3565994-AF5D-45D5-9F0D-1AFD2D33336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "ADD29395-572F-464B-A8A1-B888603343C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "5257EB4E-CC29-4077-AC69-EBF6966C8FB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en ataudio.dll en Cisco WebEx WRF Player v26.x antes de v26.49.32 para Windows, v27.x antes de v27.10.x (alias T27SP10) para Windows, v26.x antes de v26.49.35 para Mac OS X y Linux, y v27.x antes v27.11.8 para Mac OS X y Linux, permite a atacantes remotos causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de Formato de grabaci\u00f3n WebEx (.wrf) debidamente modificado."
}
],
"id": "CVE-2009-2877",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-18T19:30:00.390",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "psirt@cisco.com",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.osvdb.org/61127"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/61127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://secunia.com/advisories/37810 | Vendor Advisory | |
| psirt@cisco.com | http://securitytracker.com/id?1023360 | ||
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| psirt@cisco.com | http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atrpui.dos.html | ||
| psirt@cisco.com | http://www.osvdb.org/61130 | ||
| psirt@cisco.com | http://www.securityfocus.com/bid/37352 | ||
| psirt@cisco.com | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| psirt@cisco.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37810 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atrpui.dos.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/61130 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37352 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "B166A339-531A-4EEC-A0B2-ED84F0D7ED9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E089FB47-7DFA-46AA-BDEF-19B9154E7032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "08DA35E1-8C66-47A8-8E9E-7F0C4272F3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "A3565994-AF5D-45D5-9F0D-1AFD2D33336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "ADD29395-572F-464B-A8A1-B888603343C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "5257EB4E-CC29-4077-AC69-EBF6966C8FB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en atrpui.dll en Cisco WebEx WRF Player v26.x antes de v26.49.32 para Windows, v27.x antes v27.10.x para Windows, v26.x antes de v26.49.35 para Mac OS X y Linux, y v27.x antes de v27.11.8 para Mac OS X y Linux, permite a atacantes remotos causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de Formato de grabaci\u00f3n de WebEx (.wrf) debidamente modificado."
}
],
"id": "CVE-2009-2880",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-18T19:30:00.483",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "psirt@cisco.com",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atrpui.dos.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.osvdb.org/61130"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atrpui.dos.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/61130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 11:59
Modified
2025-04-20 01:37
Severity ?
Summary
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/95737 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | http://www.securitytracker.com/id/1037680 | ||
| psirt@cisco.com | https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html | ||
| psirt@cisco.com | https://blog.filippo.io/webex-extension-vulnerability/ | ||
| psirt@cisco.com | https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 | Technical Description, Third Party Advisory | |
| psirt@cisco.com | https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 | ||
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex | Vendor Advisory | |
| psirt@cisco.com | https://www.kb.cert.org/vuls/id/909240 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95737 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037680 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.filippo.io/webex-extension-vulnerability/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/909240 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | activetouch_general_plugin_container | 105 | |
| cisco | download_manager | 2.1.0.9 | |
| cisco | gpccontainer_class | * | |
| cisco | webex | * | |
| cisco | webex_meetings_server | 2.0_base | |
| cisco | webex_meetings_server | 2.0_mr2 | |
| cisco | webex_meetings_server | 2.0_mr3 | |
| cisco | webex_meetings_server | 2.0_mr4 | |
| cisco | webex_meetings_server | 2.0_mr5 | |
| cisco | webex_meetings_server | 2.0_mr6 | |
| cisco | webex_meetings_server | 2.0_mr7 | |
| cisco | webex_meetings_server | 2.0_mr8 | |
| cisco | webex_meetings_server | 2.0_mr8 | |
| cisco | webex_meetings_server | 2.0_mr9 | |
| cisco | webex_meetings_server | 2.0_mr9 | |
| cisco | webex_meetings_server | 2.0_mr9 | |
| cisco | webex_meetings_server | 2.0_mr9 | |
| cisco | webex_meetings_server | 2.5_base | |
| cisco | webex_meetings_server | 2.5_mr1 | |
| cisco | webex_meetings_server | 2.5_mr2 | |
| cisco | webex_meetings_server | 2.5_mr2 | |
| cisco | webex_meetings_server | 2.5_mr3 | |
| cisco | webex_meetings_server | 2.5_mr4 | |
| cisco | webex_meetings_server | 2.5_mr5 | |
| cisco | webex_meetings_server | 2.5_mr5 | |
| cisco | webex_meetings_server | 2.5_mr6 | |
| cisco | webex_meetings_server | 2.5_mr6 | |
| cisco | webex_meetings_server | 2.5_mr6 | |
| cisco | webex_meetings_server | 2.5_mr6 | |
| cisco | webex_meetings_server | 2.6_base | |
| cisco | webex_meetings_server | 2.6_mr1 | |
| cisco | webex_meetings_server | 2.6_mr1 | |
| cisco | webex_meetings_server | 2.6_mr2 | |
| cisco | webex_meetings_server | 2.6_mr2 | |
| cisco | webex_meetings_server | 2.6_mr3 | |
| cisco | webex_meetings_server | 2.6_mr3 | |
| cisco | webex_meetings_server | 2.7_base | |
| cisco | webex_meetings_server | 2.7_mr1 | |
| cisco | webex_meetings_server | 2.7_mr1 | |
| cisco | webex_meetings_server | 2.7_mr2 | |
| cisco | webex_meeting_center | 2.6_base | |
| cisco | webex_meeting_center | 2.6_mr1 | |
| cisco | webex_meeting_center | 2.6_mr1 | |
| cisco | webex_meeting_center | 2.6_mr2 | |
| cisco | webex_meeting_center | 2.6_mr2 | |
| cisco | webex_meeting_center | 2.6_mr3 | |
| cisco | webex_meeting_center | 2.6_mr3 | |
| cisco | webex_meeting_center | 2.7_base | |
| cisco | webex_meeting_center | 2.7_mr1 | |
| cisco | webex_meeting_center | 2.7_mr1 | |
| cisco | webex_meeting_center | 2.7_mr2 | |
| cisco | webex_meeting_center | t29_base | |
| cisco | webex_meeting_center | t30_base | |
| cisco | webex_meeting_center | t31_base |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:activetouch_general_plugin_container:105:*:*:*:*:firefox:*:*",
"matchCriteriaId": "7C4F4E52-9923-47E0-8990-8DB3761C724F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:download_manager:2.1.0.9:*:*:*:*:internet_explorer:*:*",
"matchCriteriaId": "8E2D077D-DB25-4D10-A4DD-7E55CD7B6050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:gpccontainer_class:*:*:*:*:*:internet_explorer:*:*",
"matchCriteriaId": "E7F1F1F5-E057-42F2-878B-CD62E4B7D4E2",
"versionEndIncluding": "10031.6.2017.0125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:*:*:*:*:*:chrome:*:*",
"matchCriteriaId": "E1B0BEA6-F4C4-4A54-AFF8-E16B4C110AED",
"versionEndIncluding": "1.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "80B9A3E8-DD9D-451B-81A4-BADA16512845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E84A595-4A33-4FA1-AF86-DFCBECAB8D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "56F6DDAE-BD36-4D8D-BC48-DD229F33125A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "2010E860-9DA9-4706-BEE7-7521BCBC5E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1C2055-272B-403A-9BF8-5FA8CFBC933D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "346A7C39-AF2E-499F-B77E-0F80787D268E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr7:*:*:*:*:*:*:*",
"matchCriteriaId": "98825256-4520-473B-AC9F-F74B9D95DD0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:*:*:*:*:*:*:*",
"matchCriteriaId": "913EC8D3-A9A3-4FC6-B2FD-87003F985F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:p1:*:*:*:*:*:*",
"matchCriteriaId": "DB03D1C7-F4BA-4B0E-814F-3C43395AC928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:*:*:*:*:*:*:*",
"matchCriteriaId": "339D371C-57FF-43AD-97DB-A8FA9ADCB796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p1:*:*:*:*:*:*",
"matchCriteriaId": "2F0B9AE4-75B8-43BC-B66B-0ABE6C21599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p2:*:*:*:*:*:*",
"matchCriteriaId": "09EB75CC-8EBD-49D2-B986-CB83D2742A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p3:*:*:*:*:*:*",
"matchCriteriaId": "DF450A53-1F3F-415C-90C5-E43E9A37197F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4AF5A4-1B99-43F8-A659-7C57B033F2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F492431-5AE7-439F-81F1-B96EAD773E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC640D5-C840-4ABB-BD22-9B60BBFE8DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "3C438DB1-1761-4C1B-A6DD-AD84853C5755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB2094F-B0E1-4129-BFD6-9FE1687B0AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "16B75EA6-516D-4550-B83D-E0EFDAA25208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "48A2A712-E8FD-460F-9A3C-3760082B8920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:p1:*:*:*:*:*:*",
"matchCriteriaId": "EDB5ECBA-051E-4500-9B8C-82479D45164D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "8F6F5080-355B-4A85-8DF4-D75D6A550C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFC81E-CA80-4E31-B839-A98FAB4F92A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p2:*:*:*:*:*:*",
"matchCriteriaId": "23A09CF0-9C9B-4FBF-9AEC-285002175F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p3:*:*:*:*:*:*",
"matchCriteriaId": "69BC1C33-550D-405E-860B-35F301B8B2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_base:*:*:*:*:*:*:*",
"matchCriteriaId": "21E55CCE-2B52-4865-8C63-7E6C779C20D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "9881CF16-F617-48DA-8CB8-08C3D943CCD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "8D743715-37BA-4169-9C91-3BD5E28694F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFFB01B-1B4F-4072-A68C-98C538DE34ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "47B6F991-49EC-444F-8883-A57C37E8BA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "9309C030-2F02-4E7E-B3E3-035B93DD1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:p1:*:*:*:*:*:*",
"matchCriteriaId": "A58843EB-A2C0-4034-967F-502A52DCC351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*",
"matchCriteriaId": "30ECA8FE-D587-4692-AA90-9706E44BAC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCD22A8-7E04-4782-AEB2-07878925A2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "FF7208EC-0255-462E-B5DE-9D5617D8C20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "396253A5-EC5F-429B-ABF3-20CB0A56E658",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_base:*:*:*:*:*:*:*",
"matchCriteriaId": "6589E647-4E17-44A9-A6C6-483C541E4095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFFA393-E70D-41C2-BB2D-147F8A6DFBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "815D810A-003F-4D8F-B368-CC28152E60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "28D63C8E-4EDE-4CAF-B7F6-9CB46AFE0664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "A5F8D5F3-ED67-469D-BBCE-A7669BF85755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "85B536C7-3E9A-4862-9714-3BCA1A8C6815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:p1:*:*:*:*:*:*",
"matchCriteriaId": "56639D86-F53E-4334-A67C-D9DB2D5713E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_base:*:*:*:*:*:*:*",
"matchCriteriaId": "7288021F-83C7-49FC-9CC3-CC4B3877C412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F99CC51-B1B2-4E1A-ACA6-766EE5907139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "031E633D-2FED-4874-8D7D-4275875078FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "992973F3-E460-4AF5-B1BA-48CC61B87FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t29_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D792EF72-4866-4DD9-AE59-468E49C7E31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "1515E161-06AE-4A77-BA55-B04E0ECF05B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "77A34A56-995C-456D-9F66-2D4510A8746A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Cisco WebEx Extension en versiones anteriores a 1.0.7 en Google Chrome, el ActiveTouch General Pluging Container en versiones anteriores a 106 en Mozilla Firefox, el plugin de control GpcContainer Class Active X en versiones anteriores a 2.1.0.10 en Internet Explorer. Una vulnerabilidad en las extensiones del navegador CiscoWebEx podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario con privilegios del navegador afectado en el sistema afectado. Esta vulnerabilidad afecta a las extensiones del navegador para Cisco WebEx Meetings Server y Cisco WebEx Centers (Meeting Center, Event Center, Training Center, y Support Center) cuando se ejecutan en Microsoft Windows. La vulnerabilidad es un defecto de dise\u00f1o del int\u00e9rprete de respuesta de una interfaz de programaci\u00f3n de aplicaciones (API) dentro de la extensi\u00f3n. Un atacante que pueda convencer al usuario afectado para visitar una p\u00e1gina web controlada por un hacker o a pulsar un enlace proporcionado por un atacante con un navegador afectado puede explotar la vulnerabilidad. Si tiene \u00e9xito, el atacante puede ejecutar c\u00f3digo arbitrario con los privilegios del navegador afectado."
}
],
"id": "CVE-2017-3823",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T11:59:00.133",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"source": "psirt@cisco.com",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"source": "psirt@cisco.com",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"source": "psirt@cisco.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"source": "psirt@cisco.com",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"source": "psirt@cisco.com",
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/909240"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html | ||
| psirt@cisco.com | http://secunia.com/advisories/37810 | Vendor Advisory | |
| psirt@cisco.com | http://securitytracker.com/id?1023360 | Patch | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| psirt@cisco.com | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| psirt@cisco.com | http://www.osvdb.org/61128 | ||
| psirt@cisco.com | http://www.securityfocus.com/bid/37352 | ||
| psirt@cisco.com | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| psirt@cisco.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37810 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023360 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=19499 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fortiguard.com/advisory/FGA-2009-48.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/61128 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37352 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3574 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54841 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "B166A339-531A-4EEC-A0B2-ED84F0D7ED9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "E089FB47-7DFA-46AA-BDEF-19B9154E7032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:26.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "08DA35E1-8C66-47A8-8E9E-7F0C4272F3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:linux:*:*:*:*:*",
"matchCriteriaId": "A3565994-AF5D-45D5-9F0D-1AFD2D33336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "ADD29395-572F-464B-A8A1-B888603343C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:27.00:*:windows:*:*:*:*:*",
"matchCriteriaId": "5257EB4E-CC29-4077-AC69-EBF6966C8FB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879."
},
{
"lang": "es",
"value": "un desbordamiento de b\u00fafer basado en monticulo en atas32.dll en Cisco WebEx WRF Player v26.x antes de v26.49.32 (alias T26SP49EP32) para Windows, v27.x antes de v27.10.x (alias T27SP10) para Windows, v26.x antes de v26.49.35 para Mac OS X y Linux, y v27.x antes v27.11.8 para Mac OS X y Linux, permite a atacantes remotos causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de unarchivo de Formato de grabaci\u00f3n WebEx (.wrf) debidamente modificado. Se trata de una vulnerabilidad diferente a CVE-2009-2876 y CVE-2009-2879."
}
],
"id": "CVE-2009-2878",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-18T19:30:00.420",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "psirt@cisco.com",
"url": "http://www.osvdb.org/61128"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/61128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}