CVE-2011-3319

Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:webex_recording_format_player:26:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.10:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.12:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.13:::::::*

History

No history.

Information

Published : 2011-10-27 21:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-3319

Mitre link : CVE-2011-3319

CVE.ORG link : CVE-2011-3319

JSON object : View

Products Affected

cisco

webex_recording_format_player

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-3319", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-10-27T21:55:01.057", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funcionalidad de parseo WRF en Cisco WebEx Recording Format (WRF) player T26 anterior a SP49 EP40 y T27 anterior a SP28, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero WRF manipulado."}], "lastModified": "2012-04-06T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89A7EC6D-EFF7-494D-BBF7-787464A2858B"}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F949C6D-8074-444B-986E-63F06F9A05A7"}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B242684-7692-4F50-8419-587F0DCBC376"}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D126564-E0D1-4E25-BD83-B10EF9AFBDA8"}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4D92FB5-277D-43B8-8200-43E1FE102BA3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}