Lucene search

CiscoCVE-2012-3056

HistoryJun 29, 2012 - 2:55 p.m.

CVE-2012-3056

2012-06-2914:55:01

CWE-119

cisco

web.nvd.nist.gov

cisco

webex

buffer overflow

wrf

remote code execution

denial of service

cve-2012-3056

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946.

Affected configurations

Nvd

Node

ciscowebex_recording_format_playerRange27.11.0–27.11.26

ciscowebex_recording_format_playerRange27.21.0–27.21.10

ciscowebex_recording_format_playerRange27.25.0–27.25.11

ciscowebex_recording_format_playerRange27.32.0–27.32.2

ciscowebex_recording_format_playerRange28.0.0–28.0.1

VendorProductVersionCPE
ciscowebex_recording_format_player*cpe:2.3:a:cisco:webex_recording_format_player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_recording_format_player	*	cpe:2.3:a:cisco:webex_recording_format_player::::::::

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120627-webex

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Related for CVE-2012-3056