Lucene search

CiscoCVE-2009-2879

HistoryDec 18, 2009 - 7:30 p.m.

CVE-2009-2879

2009-12-1819:30:00

CWE-119

cisco

web.nvd.nist.gov

cve-2009-2879

heap-based buffer overflow

cisco webex wrf player

remote code execution

denial of service

wrf file

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.03

Percentile

91.0%

JSON

Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.

Affected configurations

Nvd

Node

ciscowebexMatch26.00linux

ciscowebexMatch26.00mac_os_x

ciscowebexMatch26.00windows

ciscowebexMatch27.00linux

ciscowebexMatch27.00mac_os_x

ciscowebexMatch27.00windows

VendorProductVersionCPE
ciscowebex26.00cpe:/a:cisco:webex:26.00:::
ciscowebex27.00cpe:/a:cisco:webex:27.00:::

Vendor	Product	Version	CPE
cisco	webex	26.00	cpe:/a:cisco:webex:26.00:::
cisco	webex	27.00	cpe:/a:cisco:webex:27.00:::

References

secunia.com/advisories/37810

securitytracker.com/id?1023360

tools.cisco.com/security/center/viewAlert.x?alertId=19499

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml

www.fortiguard.com/advisory/FGA-2009-48.html

www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html

www.osvdb.org/61129

www.securityfocus.com/bid/37352

www.vupen.com/english/advisories/2009/3574

exchange.xforce.ibmcloud.com/vulnerabilities/54841

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.03

Percentile

91.0%

JSON

Related for CVE-2009-2879