CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6669 – Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-6669
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. • http://www.securityfocus.com/bid/99196 http://www.securitytracker.com/id/1038737 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2132
https://notcve.org/view.php?id=CVE-2014-2132
Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768. Cisco WebEx Recording Format (WRF) Player y Advanced Recording Format (ARF) Player T27 LD anterior a SP32 EP16, T28 anterior a T28.12 y T29 anterior a T29.2 permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de un archivo (1) .wrf o (2) .arf manipulado que provoca una sobrelectura de buffer, también conocido como Bug ID CSCuh52768. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2134
https://notcve.org/view.php?id=CVE-2014-2134
Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. Desbordamiento de buffer basado en memoria dinámica en Cisco WebEx Recording Format (WRF) Player T27 LD anterior a SP32 EP16, T28 anterior a T28.12 y T29 anterior a T29.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un canal de audio en un archivo .wrf, también conocido como Bug ID CSCuc39458. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2014-2133
https://notcve.org/view.php?id=CVE-2014-2133
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. Desbordamiento de buffer en Cisco Advanced Recording Format (ARF) Player T27 LD anterior a SP32 EP16, T28 anterior a T28.12 y T29 anterior a T29.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo .arf manipulado que provoca descompresión LZW indebida, también conocido como Bug ID CSCuj87565. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2014-2136
https://notcve.org/view.php?id=CVE-2014-2136
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166. Desbordamiento de buffer en Cisco Advanced Recording Format (ARF) Player T27 LD anterior a SP32 EP16, T28 anterior a T28.12 y T29 anterior a T29.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo .arf manipulado, también conocido como Bug IDs CSCui72223, CSCul01163 y CSCul01166. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •