Lucene search

CiscoCVE-2012-3057

HistoryJun 29, 2012 - 2:55 p.m.

CVE-2012-3057

2012-06-2914:55:01

CWE-119

cisco

web.nvd.nist.gov

cve-2012-3057

cisco

webex

buffer overflow

wrf

remote code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.008

Percentile

82.4%

JSON

Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755.

Affected configurations

Nvd

Node

ciscowebex_recording_format_playerRange27.11.0–27.11.26

ciscowebex_recording_format_playerRange27.21.0–27.21.10

ciscowebex_recording_format_playerRange27.25.0–27.25.11

ciscowebex_recording_format_playerRange27.32.0–27.32.2

ciscowebex_recording_format_playerRange28.0.0–28.0.1

VendorProductVersionCPE
ciscowebex_recording_format_player*cpe:2.3:a:cisco:webex_recording_format_player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_recording_format_player	*	cpe:2.3:a:cisco:webex_recording_format_player::::::::

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120627-webex

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.008

Percentile

82.4%

JSON

Related for CVE-2012-3057