CVE-2011-4004

Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:webex_recording_format_player:26:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.10:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.12:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.13:::::::*

History

No history.

Information

Published : 2011-10-27 21:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-4004

Mitre link : CVE-2011-4004

CVE.ORG link : CVE-2011-4004

JSON object : View

Products Affected

cisco

webex_recording_format_player

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-4004", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-10-27T21:55:01.107", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funcionalidad de procesamiento de ATAS32 en Cisco WebEx Recording Format (WRF) T26 player anterior a EP40 SP49 y SP28 anterior a T27 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo modificado WRF."}], "lastModified": "2012-04-06T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89A7EC6D-EFF7-494D-BBF7-787464A2858B"}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F949C6D-8074-444B-986E-63F06F9A05A7"}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B242684-7692-4F50-8419-587F0DCBC376"}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D126564-E0D1-4E25-BD83-B10EF9AFBDA8"}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4D92FB5-277D-43B8-8200-43E1FE102BA3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}