CVE-2011-3319

2011-10-2721:55:01

CWE-119

cisco

web.nvd.nist.gov

110

cve-2011-3319

buffer overflow

wrf parsing

cisco

webex

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.443

Percentile

97.4%

JSON

Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.

Affected configurations

Nvd

Node

ciscowebex_recording_format_playerMatch26

ciscowebex_recording_format_playerMatch27

ciscowebex_recording_format_playerMatch27.10

ciscowebex_recording_format_playerMatch27.12

ciscowebex_recording_format_playerMatch27.13

VendorProductVersionCPE
ciscowebex_recording_format_player26cpe:2.3:a:cisco:webex_recording_format_player:26:*:*:*:*:*:*:*
ciscowebex_recording_format_player27cpe:2.3:a:cisco:webex_recording_format_player:27:*:*:*:*:*:*:*
ciscowebex_recording_format_player27.10cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*
ciscowebex_recording_format_player27.12cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*
ciscowebex_recording_format_player27.13cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_recording_format_player	26	cpe:2.3:a:cisco:webex_recording_format_player:26:::::::*
cisco	webex_recording_format_player	27	cpe:2.3:a:cisco:webex_recording_format_player:27:::::::*
cisco	webex_recording_format_player	27.10	cpe:2.3:a:cisco:webex_recording_format_player:27.10:::::::*
cisco	webex_recording_format_player	27.12	cpe:2.3:a:cisco:webex_recording_format_player:27.12:::::::*
cisco	webex_recording_format_player	27.13	cpe:2.3:a:cisco:webex_recording_format_player:27.13:::::::*