CVE-2010-3043

Cisco Security Advisory 20110201-webex

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.

Múltiples desbordamientos de búfer en Cisco WebEx Recording Format (WRF) y Advanced Recording Format (ARF) Players T27LB anteriores a SP21 EP3 y T27LC anteriores a SP22, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante ficheros (1) .wrf or (2) .arf manipulados, es una vulnerabilidad distinta a CVE-2010-3041, CVE-2010-3042, y CVE-2010-3044.

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The player can also be manually installed for offline playback after downloading the application from www.webex.com. If the WebEx recording player was automatically installed, it will be automatically upgraded to the latest, non-vulnerable version when users access a recording file that is hosted on a WebEx server. If the WebEx recording player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com. Cisco has released free software updates that address these vulnerabilities.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-08-17 CVE Reserved
2011-02-02 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (5)

URL	Tag	Source
http://securitytracker.com/id?1025016	Vdb Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=22016	X_refsource_confirm
http://www.securityfocus.com/bid/46075	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/65074	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml	2017-08-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Webex Recording Format Player Search vendor "Cisco" for product "Webex Recording Format Player"				26.49 Search vendor "Cisco" for product "Webex Recording Format Player" and version "26.49"		-		Affected
Cisco Search vendor "Cisco"		Webex Recording Format Player Search vendor "Cisco" for product "Webex Recording Format Player"				27.10 Search vendor "Cisco" for product "Webex Recording Format Player" and version "27.10"		-		Affected
Cisco Search vendor "Cisco"		Webex Recording Format Player Search vendor "Cisco" for product "Webex Recording Format Player"				27.11.0.3328 Search vendor "Cisco" for product "Webex Recording Format Player" and version "27.11.0.3328"		-		Affected
Cisco Search vendor "Cisco"		Webex Recording Format Player Search vendor "Cisco" for product "Webex Recording Format Player"				27.12 Search vendor "Cisco" for product "Webex Recording Format Player" and version "27.12"		-		Affected
Cisco Search vendor "Cisco"		Webex Recording Format Player Search vendor "Cisco" for product "Webex Recording Format Player"				27.13 Search vendor "Cisco" for product "Webex Recording Format Player" and version "27.13"		-		Affected
Cisco Search vendor "Cisco"		Webex Advanced Recording Format Player Search vendor "Cisco" for product "Webex Advanced Recording Format Player"				26.49 Search vendor "Cisco" for product "Webex Advanced Recording Format Player" and version "26.49"		-		Affected
Cisco Search vendor "Cisco"		Webex Advanced Recording Format Player Search vendor "Cisco" for product "Webex Advanced Recording Format Player"				27.10 Search vendor "Cisco" for product "Webex Advanced Recording Format Player" and version "27.10"		-		Affected
Cisco Search vendor "Cisco"		Webex Advanced Recording Format Player Search vendor "Cisco" for product "Webex Advanced Recording Format Player"				27.11.0.3328 Search vendor "Cisco" for product "Webex Advanced Recording Format Player" and version "27.11.0.3328"		-		Affected
Cisco Search vendor "Cisco"		Webex Advanced Recording Format Player Search vendor "Cisco" for product "Webex Advanced Recording Format Player"				27.12 Search vendor "Cisco" for product "Webex Advanced Recording Format Player" and version "27.12"		-		Affected
Cisco Search vendor "Cisco"		Webex Advanced Recording Format Player Search vendor "Cisco" for product "Webex Advanced Recording Format Player"				27.13 Search vendor "Cisco" for product "Webex Advanced Recording Format Player" and version "27.13"		-		Affected