Lucene search

CiscoCVE-2013-1116

HistorySep 06, 2013 - 11:15 a.m.

CVE-2013-1116

2013-09-0611:15:37

CWE-119

cisco

web.nvd.nist.gov

cisco

webex

arf

buffer overflow

remote code execution

denial of service

cve-2013-1116

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka Bug IDs CSCue74147 and CSCub28383.

Affected configurations

Nvd

Node

ciscowebex_advanced_recording_format_playerMatch27.11.26

ciscowebex_advanced_recording_format_playerMatch27.21.10

ciscowebex_advanced_recording_format_playerMatch27.25.10

ciscowebex_advanced_recording_format_playerMatch27.32.1

ciscowebex_advanced_recording_format_playerMatch28.0.0

VendorProductVersionCPE
ciscowebex_advanced_recording_format_player27.11.26cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.26:*:*:*:*:*:*:*
ciscowebex_advanced_recording_format_player27.21.10cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.21.10:*:*:*:*:*:*:*
ciscowebex_advanced_recording_format_player27.25.10cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.25.10:*:*:*:*:*:*:*
ciscowebex_advanced_recording_format_player27.32.1cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.32.1:*:*:*:*:*:*:*
ciscowebex_advanced_recording_format_player28.0.0cpe:2.3:a:cisco:webex_advanced_recording_format_player:28.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	webex_advanced_recording_format_player	27.11.26	cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.26:::::::*
cisco	webex_advanced_recording_format_player	27.21.10	cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.21.10:::::::*
cisco	webex_advanced_recording_format_player	27.25.10	cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.25.10:::::::*
cisco	webex_advanced_recording_format_player	27.32.1	cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.32.1:::::::*
cisco	webex_advanced_recording_format_player	28.0.0	cpe:2.3:a:cisco:webex_advanced_recording_format_player:28.0.0:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130904-webex

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Related for CVE-2013-1116