CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0CVE-2020-3127 – Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3127
04 Mar 2020 — Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a li... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0103 – Cisco WebEx ARF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-0103
03 Jan 2018 — A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx ... • http://www.securityfocus.com/bid/102369 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.6EPSS: 1%CPEs: 4EXPL: 0CVE-2018-0104 – Cisco WebEx ARF File DLL Planting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-0104
03 Jan 2018 — A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Busine... • http://www.securityfocus.com/bid/102382 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6669 – Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-6669
23 Jun 2017 — Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an applica... • http://www.securityfocus.com/bid/99196 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 2CVE-2016-1415 – Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1415
03 Sep 2016 — Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. Cisco WebEx Meetings Player T29.10, cuando el soporte de archivo WRF está habilitado, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo manipulado, también conocido como Bug ID CSCuz80455. Cisco Webex Player version T29.10 suffers from a .arf out-of-bounds memory ... • https://packetstorm.news/files/id/139133 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 2CVE-2016-1464 – Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1464
03 Sep 2016 — Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. Cisco WebEx Meetings Player T29.10, cuando el soporte de archivo WRF está habilitado, permite a atacantes remotos ejecutar código arbitrario a través de un archivo manipulado, también conocido como Bug ID CSCva09375. Cisco Webex Player version T29.10 suffers from a .wrf use-after-free memory corruption vulnerability. • https://packetstorm.news/files/id/139134 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2132
https://notcve.org/view.php?id=CVE-2014-2132
08 May 2014 — Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768. Cisco WebEx Recording Format (WRF) Player y Advanced Recording Format (ARF) Player T27 LD anterior a SP32 EP16, T28 anterior a T28.12 y T29 anterior a T29.2 permiten a atacantes remotos causar ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 6EXPL: 0CVE-2014-2133
https://notcve.org/view.php?id=CVE-2014-2133
08 May 2014 — Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. Desbordamiento de buffer en Cisco Advanced Recording Format (ARF) Player T27 LD anterior a SP32 EP16, T28 anterior a T28.12 y T29 anterior a T29.2 permite a atacantes remoto... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 6EXPL: 0CVE-2014-2134
https://notcve.org/view.php?id=CVE-2014-2134
08 May 2014 — Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. Desbordamiento de buffer basado en memoria dinámica en Cisco WebEx Recording Format (WRF) Player T27 LD anterior a SP32 EP16, T28 anterior a T28.12 y T29 anterior a T29.2 permite a atacan... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 6EXPL: 0CVE-2014-2135
https://notcve.org/view.php?id=CVE-2014-2135
08 May 2014 — Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603. Desbordamiento de buffer en Cisco Advanced Recording Format (ARF) Player T27 LD anterior a SP32 EP16, T28 anterior a T28.12 y T29 anterior a T29.2 permite a atacantes remotos ejecutar código arbitra... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •