CVE-2010-3044 (GCVE-0-2010-3044)

Vulnerability from cvelistv5 – Published: 2011-02-02 22:00 – Updated: 2024-08-07 02:55

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.fortiguard.com/advisory/FGA-2011-03.html	x_refsource_MISC
	http://tools.cisco.com/security/center/viewAlert.…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/46075	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1025016	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-wrf-arf-bo(65075)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
          },
          {
            "name": "20110201 Multiple Cisco WebEx Player Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
          },
          {
            "name": "46075",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46075"
          },
          {
            "name": "1025016",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-wrf-arf-bo(65075)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
        },
        {
          "name": "20110201 Multiple Cisco WebEx Player Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
        },
        {
          "name": "46075",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46075"
        },
        {
          "name": "1025016",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3044",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-wrf-arf-bo(65075)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
            },
            {
              "name": "20110201 Multiple Cisco WebEx Player Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FGA-2011-03.html",
              "refsource": "MISC",
              "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
            },
            {
              "name": "46075",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46075"
            },
            {
              "name": "1025016",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-3044",
    "datePublished": "2011-02-02T22:00:00",
    "dateReserved": "2010-08-17T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:26.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA595A90-DF5A-406C-ABF3-B1A77C558A7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B242684-7692-4F50-8419-587F0DCBC376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"176F29FD-9938-4D62-90EF-B7EEEA345B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D126564-E0D1-4E25-BD83-B10EF9AFBDA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4D92FB5-277D-43B8-8200-43E1FE102BA3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_advanced_recording_format_player:26.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34E69005-589F-48AD-8E47-14515D3B821D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7993427-15B5-453E-B119-5D813AB7D679\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"722F62C7-106D-453A-8E1C-A7F6B495D77F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7BAD3E5-99DA-4075-B081-4C79093A5975\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40FC3D3B-6D9A-4C08-9E98-08215071C64C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer en los Reproductores WebEx Recording Format (WRF) y Advanced Recording Format (ARF) de Cisco Build T27LB anterior a SP21 EP3 y Build T27LC anterior a SP22, permite a los atacantes remotos causar una denegaci\\u00f3n de servicio (bloqueo de aplicaci\\u00f3n) o posiblemente ejecutar c\\u00f3digo arbitrario por medio de un archivo especialmente  dise\\u00f1ado (1) .wrf o (2) .arf, relacionado con la biblioteca atas32.dll, una vulnerabilidad diferente de CVE-2010-3041, CVE-2010-3042 y CVE-2010-3043.\"}]",
      "id": "CVE-2010-3044",
      "lastModified": "2024-11-21T01:17:55.977",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-02-02T23:00:31.393",
      "references": "[{\"url\": \"http://securitytracker.com/id?1025016\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=22016\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.fortiguard.com/advisory/FGA-2011-03.html\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/bid/46075\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/65075\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://securitytracker.com/id?1025016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=22016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.fortiguard.com/advisory/FGA-2011-03.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/46075\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/65075\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3044\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2011-02-02T23:00:31.393\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en los Reproductores WebEx Recording Format (WRF) y Advanced Recording Format (ARF) de Cisco Build T27LB anterior a SP21 EP3 y Build T27LC anterior a SP22, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo especialmente  dise\u00f1ado (1) .wrf o (2) .arf, relacionado con la biblioteca atas32.dll, una vulnerabilidad diferente de CVE-2010-3041, CVE-2010-3042 y CVE-2010-3043.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:26.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA595A90-DF5A-406C-ABF3-B1A77C558A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B242684-7692-4F50-8419-587F0DCBC376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"176F29FD-9938-4D62-90EF-B7EEEA345B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D126564-E0D1-4E25-BD83-B10EF9AFBDA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4D92FB5-277D-43B8-8200-43E1FE102BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_advanced_recording_format_player:26.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34E69005-589F-48AD-8E47-14515D3B821D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7993427-15B5-453E-B119-5D813AB7D679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"722F62C7-106D-453A-8E1C-A7F6B495D77F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7BAD3E5-99DA-4075-B081-4C79093A5975\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40FC3D3B-6D9A-4C08-9E98-08215071C64C\"}]}]}],\"references\":[{\"url\":\"http://securitytracker.com/id?1025016\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=22016\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.fortiguard.com/advisory/FGA-2011-03.html\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/46075\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65075\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://securitytracker.com/id?1025016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=22016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.fortiguard.com/advisory/FGA-2011-03.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-J75F-9WV2-95M3

Vulnerability from github – Published: 2022-05-17 02:05 – Updated: 2022-05-17 02:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-02-02T23:00:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.",
  "id": "GHSA-j75f-9wv2-95m3",
  "modified": "2022-05-17T02:05:46Z",
  "published": "2022-05-17T02:05:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3044"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025016"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46075"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-050

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Cisco WebEx Player peuvent être utilisées par une personne distante malveillante pour provoquer de l'exécution de code arbitraire.

Description

De multiples vulnérabilités de type débordement de mémoire ont été corrigées dans Cisco WebEx Player. Ces vulnérabilités peuvent être exploitées, au moyen de fichiers spécialement conçus, par une personne malveillante distante pour provoquer de l'exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco WebEx Player.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 112244 du 01 février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 20110201-webex du 03 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCisco WebEx Player.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire ont \u00e9t\u00e9\ncorrig\u00e9es dans Cisco WebEx Player. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre\nexploit\u00e9es, au moyen de fichiers sp\u00e9cialement con\u00e7us, par une personne\nmalveillante distante pour provoquer de l\u0027ex\u00e9cution de code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3043"
    },
    {
      "name": "CVE-2010-3044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3044"
    },
    {
      "name": "CVE-2010-3269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3269"
    },
    {
      "name": "CVE-2010-3042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3042"
    },
    {
      "name": "CVE-2010-3041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3041"
    },
    {
      "name": "CVE-2010-3270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3270"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110201-webex du 03 f\u00e9vrier    2011 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml"
    }
  ],
  "reference": "CERTA-2011-AVI-050",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Cisco WebEx Player peuvent \u00eatre\nutilis\u00e9es par une personne distante malveillante pour provoquer de\nl\u0027ex\u00e9cution de code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco WebEx Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112244 du 01 f\u00e9vrier 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-050

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Cisco WebEx Player peuvent être utilisées par une personne distante malveillante pour provoquer de l'exécution de code arbitraire.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco WebEx Player.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 112244 du 01 février 2011	None	vendor-advisory
Bulletin de sécurité Cisco 20110201-webex du 03 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCisco WebEx Player.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire ont \u00e9t\u00e9\ncorrig\u00e9es dans Cisco WebEx Player. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre\nexploit\u00e9es, au moyen de fichiers sp\u00e9cialement con\u00e7us, par une personne\nmalveillante distante pour provoquer de l\u0027ex\u00e9cution de code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3043"
    },
    {
      "name": "CVE-2010-3044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3044"
    },
    {
      "name": "CVE-2010-3269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3269"
    },
    {
      "name": "CVE-2010-3042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3042"
    },
    {
      "name": "CVE-2010-3041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3041"
    },
    {
      "name": "CVE-2010-3270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3270"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110201-webex du 03 f\u00e9vrier    2011 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml"
    }
  ],
  "reference": "CERTA-2011-AVI-050",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Cisco WebEx Player peuvent \u00eatre\nutilis\u00e9es par une personne distante malveillante pour provoquer de\nl\u0027ex\u00e9cution de code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco WebEx Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 112244 du 01 f\u00e9vrier 2011",
      "url": null
    }
  ]
}

FKIE_CVE-2010-3044

Vulnerability from fkie_nvd - Published: 2011-02-02 23:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://securitytracker.com/id?1025016
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=22016	Patch
psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml	Patch, Vendor Advisory
psirt@cisco.com	http://www.fortiguard.com/advisory/FGA-2011-03.html
psirt@cisco.com	http://www.securityfocus.com/bid/46075
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/65075
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025016
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=22016	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.fortiguard.com/advisory/FGA-2011-03.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46075
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/65075

Impacted products

Vendor	Product	Version
cisco	webex_recording_format_player	26.49
cisco	webex_recording_format_player	27.10
cisco	webex_recording_format_player	27.11.0.3328
cisco	webex_recording_format_player	27.12
cisco	webex_recording_format_player	27.13
cisco	webex_advanced_recording_format_player	26.49
cisco	webex_advanced_recording_format_player	27.10
cisco	webex_advanced_recording_format_player	27.11.0.3328
cisco	webex_advanced_recording_format_player	27.12
cisco	webex_advanced_recording_format_player	27.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:26.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA595A90-DF5A-406C-ABF3-B1A77C558A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B242684-7692-4F50-8419-587F0DCBC376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*",
              "matchCriteriaId": "176F29FD-9938-4D62-90EF-B7EEEA345B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D126564-E0D1-4E25-BD83-B10EF9AFBDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D92FB5-277D-43B8-8200-43E1FE102BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:26.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E69005-589F-48AD-8E47-14515D3B821D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7993427-15B5-453E-B119-5D813AB7D679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*",
              "matchCriteriaId": "722F62C7-106D-453A-8E1C-A7F6B495D77F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7BAD3E5-99DA-4075-B081-4C79093A5975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FC3D3B-6D9A-4C08-9E98-08215071C64C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en los Reproductores WebEx Recording Format (WRF) y Advanced Recording Format (ARF) de Cisco Build T27LB anterior a SP21 EP3 y Build T27LC anterior a SP22, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo especialmente  dise\u00f1ado (1) .wrf o (2) .arf, relacionado con la biblioteca atas32.dll, una vulnerabilidad diferente de CVE-2010-3041, CVE-2010-3042 y CVE-2010-3043."
    }
  ],
  "id": "CVE-2010-3044",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-02T23:00:31.393",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1025016"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/46075"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201102-0310

Vulnerability from variot - Updated: 2023-12-18 12:58

Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043. Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary-checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition.

The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The player can also be manually installed for offline playback after downloading the application from www.webex.com

If the WebEx recording player was automatically installed, it will be automatically upgraded to the latest, non-vulnerable version when users access a recording file that is hosted on a WebEx server. If the WebEx recording player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml.

Affected Products

Vulnerable Products +------------------

The vulnerabilities disclosed in this advisory affect the Cisco WebEx recording players. Microsoft Windows, Apple Mac OS X, and Linux versions of the player are all affected. Affected versions of the players are those prior to client builds T27LC SP22 and T27LB SP21 EP3. Customers who have contractual agreements that prevent WebEx from automatically upgrading a recording player to the latest version should contact their account manager to determine upgrade options.

To determine whether a Cisco WebEx server is running an affected version of the WebEx client build, users can log in to their Cisco WebEx server and go to the Support > Downloads section. The version of the WebEx client build will be displayed on the right side of the page under "About Support Center." See "Software Versions and Fixes" for details.

Cisco recommends that users upgrade to the most current version of the player that is available from www.webex.com/downloadplayer.html

Products Confirmed Not Vulnerable +--------------------------------

No other Cisco products are currently known to be affected by these vulnerabilities.

Details

The WebEx meeting service is a hosted multimedia conferencing solution that is managed and maintained by Cisco WebEx. The WRF and ARF file formats are used to store WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee. The players are applications that are used to play back and edit recording files (files with .wrf and .arf extensions). The recording players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server (for stream playback mode). The recording players can also be manually installed after downloading the application from www.webex.com/downloadplayer.html to play back recording files locally (for offline playback mode).

Multiple buffer overflow vulnerabilities exist in the WRF and ARF players. The vulnerabilities may lead to a crash of the player application or, in some cases, remote code execution could occur.

To exploit one of these vulnerabilities, the player application would need to open a malicious WRF or ARF file. An attacker may be able to accomplish this exploit by providing the malicious recording file directly to users (for example, by using e-mail) or by directing a user to a malicious web page. The vulnerability cannot be triggered by users who are attending a WebEx meeting.

These vulnerabilities have been assigned the following Common Vulnerabilities and Exposures (CVE) identifiers:

CVE-2010-3269
CVE-2010-3041
CVE-2010-3042
CVE-2010-3043
CVE-2010-3044

Vulnerability Scoring Details

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

Multiple Cisco WebEx Player Buffer Overflow Vulnerabilities

CVSS Base Score - 9.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete

CVSS Temporal Score - 7.7 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed

Impact

Successful exploitation of the vulnerabilities described in this document could result in a crash of the Cisco WebEx ARF Player or WRF Player application and, in some cases, allow a remote attacker to execute arbitrary code on the system with the privileges of the user who is running the recording player application.

Software Versions and Fixes

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

These vulnerabilities are first fixed in T27LC SP22 and T27LB SP21 EP3. For customers who are running T27LC SP22, the client build will be represented as 27.22SP.0.9253. The fix for customers who are running T27LB SP21 will be deployed by WebEx over the next few weeks. The client build will be determined after the software is deployed.

The client build is listed in the Support > Downloads section of the WebEx page after a user authenticates. WebEx bug fixes are cumulative in a major release. For example, if release 27.22SP.0 is fixed, release 27.22SP.1 will also have the software fix.

If a recording player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx server.

If a WebEx recording player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com/downloadplayer.html

Workarounds

There are no workarounds for the vulnerabilities disclosed in this advisory.

Obtaining Fixed Software

Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.

Exploitation and Public Announcements

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

These vulnerabilities were either found during internal testing or reported to Cisco by a variety of sources, including Core Security, TippingPoint, and Fortinet's FortiGuard Labs.

Cisco would like to thank these organizations for reporting these vulnerabilities.

Status of this Notice: FINAL

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

Distribution

This advisory is posted on Cisco's worldwide website at :

http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.

cust-security-announce@cisco.com
first-bulletins@lists.first.org
bugtraq@securityfocus.com
vulnwatch@vulnwatch.org
cisco@spot.colorado.edu
cisco-nsp@puck.nether.net
full-disclosure@lists.grok.org.uk
comp.dcom.sys.cisco@newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

Revision History

+---------------------------------------+ | Revision | | Initial | | 1.0 | 2011-Feb-01 | public | | | | release. | +---------------------------------------+

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin)

iF4EAREIAAYFAk1IQjoACgkQQXnnBKKRMNCpdQEAg/vWtP38VKH2ZDeL9QMQfx6E M8nIZdeL2XGonJpT60IA/0APzTbZPE+9rWTi1Z0lJqIgCjHls3jo+sGQWSPvxxkS =Ur/Y -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0310",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webex recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "27.12"
      },
      {
        "model": "webex advanced recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "26.49"
      },
      {
        "model": "webex recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "27.13"
      },
      {
        "model": "webex recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "26.49"
      },
      {
        "model": "webex advanced recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "27.11.0.3328"
      },
      {
        "model": "webex advanced recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "27.10"
      },
      {
        "model": "webex recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "27.11.0.3328"
      },
      {
        "model": "webex recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "27.10"
      },
      {
        "model": "webex advanced recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "27.12"
      },
      {
        "model": "webex advanced recording format player",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "27.13"
      },
      {
        "model": "webex advanced recording format player",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "t27lb of  sp21 ep3"
      },
      {
        "model": "webex advanced recording format player",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "t27lc of  sp22"
      },
      {
        "model": "webex recording format player",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "t27lb of  sp21 ep3"
      },
      {
        "model": "webex recording format player",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "t27lc of  sp22"
      },
      {
        "model": "webex",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "27.00"
      },
      {
        "model": "webex",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "26.00"
      },
      {
        "model": "webex 27lc sp22",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex 27lb sp21 ep3",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "webex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27.10"
      },
      {
        "model": "webex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "26.49.32"
      },
      {
        "model": "webex (mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x)27.11.8"
      },
      {
        "model": "webex (mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x)26.49.35"
      },
      {
        "model": "webex (mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x)27.00"
      },
      {
        "model": "webex (mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x)26.00"
      },
      {
        "model": "webex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "27.11.8"
      },
      {
        "model": "webex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "26.49.35"
      },
      {
        "model": "webex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "webex (mac os 27lc sp22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x)"
      },
      {
        "model": "webex (mac os 27lb sp21 ep3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "x)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "46075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:26.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:26.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3044"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Federico MuttisTippingPoint \u003chttp://www.tippingpoint.com/\u003e",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2010-3044",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-3044",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-45649",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-3044",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201102-031",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-45649",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043. Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary-checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. \n\nThe Cisco WebEx Players are applications that are used to play back\nWebEx meeting recordings that have been recorded on the computer of\nan on-line meeting attendee. The players can be automatically\ninstalled when the user accesses a recording file that is hosted on a\nWebEx server. The player can also be manually installed for offline\nplayback after downloading the application from www.webex.com\n\nIf the WebEx recording player was automatically installed, it will be\nautomatically upgraded to the latest, non-vulnerable version when\nusers access a recording file that is hosted on a WebEx server. If\nthe WebEx recording player was manually installed, users will need to\nmanually install a new version of the player after downloading the\nlatest version from www.webex.com \n\nCisco has released free software updates that address these\nvulnerabilities. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml. \n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe vulnerabilities disclosed in this advisory affect the Cisco WebEx\nrecording players. Microsoft Windows, Apple Mac OS X, and Linux\nversions of the player are all affected. Affected versions of the\nplayers are those prior to client builds T27LC SP22 and T27LB SP21\nEP3. Customers who have contractual agreements that prevent WebEx\nfrom automatically upgrading a recording player to the latest version\nshould contact their account manager to determine upgrade options. \n\nTo determine whether a Cisco WebEx server is running an affected\nversion of the WebEx client build, users can log in to their Cisco\nWebEx server and go to the Support \u003e Downloads section. The version\nof the WebEx client build will be displayed on the right side of the\npage under \"About Support Center.\" See \"Software Versions and Fixes\"\nfor details. \n\nCisco recommends that users upgrade to the most current version of\nthe player that is available from www.webex.com/downloadplayer.html\n\n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nNo other Cisco products are currently known to be affected by these\nvulnerabilities. \n\nDetails\n=======\n\nThe WebEx meeting service is a hosted multimedia conferencing\nsolution that is managed and maintained by Cisco WebEx. The WRF and\nARF file formats are used to store WebEx meeting recordings that have\nbeen recorded on the computer of an on-line meeting attendee. The\nplayers are applications that are used to play back and edit\nrecording files (files with .wrf and .arf extensions). The recording\nplayers can be automatically installed when the user accesses a\nrecording file that is hosted on a WebEx server (for stream playback\nmode). The recording players can also be manually installed after\ndownloading the application from www.webex.com/downloadplayer.html\nto play back recording files locally (for offline\nplayback mode). \n\nMultiple buffer overflow vulnerabilities exist in the WRF and ARF\nplayers. The vulnerabilities may lead to a crash of the player\napplication or, in some cases, remote code execution could occur. \n\nTo exploit one of these vulnerabilities, the player application would\nneed to open a malicious WRF or ARF file. An attacker may be able to\naccomplish this exploit by providing the malicious recording file\ndirectly to users (for example, by using e-mail) or by directing a\nuser to a malicious web page. The vulnerability cannot be triggered\nby users who are attending a WebEx meeting. \n\nThese vulnerabilities have been assigned the following Common\nVulnerabilities and Exposures (CVE) identifiers:\n\n  * CVE-2010-3269\n  * CVE-2010-3041\n  * CVE-2010-3042\n  * CVE-2010-3043\n  * CVE-2010-3044\n\nVulnerability Scoring Details\n\nCisco has provided scores for the vulnerabilities in this advisory\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\nscoring in this Security Advisory is done in accordance with CVSS\nversion 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of\nthe vulnerability in individual networks. \n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss \n\n* Multiple Cisco WebEx Player Buffer Overflow Vulnerabilities\n\nCVSS Base Score - 9.3\n    Access Vector -            Network\n    Access Complexity -        Medium\n    Authentication -           None\n    Confidentiality Impact -   Complete\n    Integrity Impact -         Complete\n    Availability Impact -      Complete\n\nCVSS Temporal Score - 7.7\n    Exploitability -           Functional\n    Remediation Level -        Official-Fix\n    Report Confidence -        Confirmed\n\n\nImpact\n======\n\nSuccessful exploitation of the vulnerabilities described in this\ndocument could result in a crash of the Cisco WebEx ARF Player or WRF\nPlayer application and, in some cases, allow a remote attacker to\nexecute arbitrary code on the system with the privileges of the user\nwho is running the recording player application. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult http://www.cisco.com/go/psirt\nand any subsequent advisories to determine exposure and a\ncomplete upgrade solution. \n\nThese vulnerabilities are first fixed in T27LC SP22 and T27LB SP21\nEP3. For customers who are running T27LC SP22, the client build will\nbe represented as 27.22SP.0.9253. The fix for customers who are\nrunning T27LB SP21 will be deployed by WebEx over the next few weeks. \nThe client build will be determined after the software is deployed. \n\nThe client build is listed in the Support \u003e Downloads section of the\nWebEx page after a user authenticates. WebEx bug fixes are cumulative\nin a major release. For example, if release 27.22SP.0 is fixed,\nrelease 27.22SP.1 will also have the software fix. \n\nIf a recording player was automatically installed, it will be\nautomatically upgraded to the latest, nonvulnerable version when\nusers access a recording file that is hosted on a WebEx server. \n\nIf a WebEx recording player was manually installed, users will need\nto manually install a new version of the player after downloading the\nlatest version from www.webex.com/downloadplayer.html\n\nWorkarounds\n===========\n\nThere are no workarounds for the vulnerabilities disclosed in this\nadvisory. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should\nconsult their maintenance provider or check the software for feature\nset compatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature sets\nthey have purchased. By installing, downloading, accessing or\notherwise using such software upgrades, customers agree to be bound\nby the terms of Cisco\u0027s software license terms found at \nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for\nsoftware upgrades. \n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThese vulnerabilities were either found during internal testing or\nreported to Cisco by a variety of sources, including Core Security,\nTippingPoint, and Fortinet\u0027s FortiGuard Labs. \n\nCisco would like to thank these organizations for reporting these\nvulnerabilities. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that\nomits the distribution URL in the following section is an\nuncontrolled copy, and may lack important information or contain\nfactual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at :\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml\n\nIn addition to worldwide web posting, a text version of this notice\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\nfollowing e-mail and Usenet news recipients. \n\n  * cust-security-announce@cisco.com\n  * first-bulletins@lists.first.org\n  * bugtraq@securityfocus.com\n  * vulnwatch@vulnwatch.org\n  * cisco@spot.colorado.edu\n  * cisco-nsp@puck.nether.net\n  * full-disclosure@lists.grok.org.uk\n  * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on\nmailing lists or newsgroups. Users concerned about this problem are\nencouraged to check the above URL for any updates. \n\nRevision History\n================\n\n+---------------------------------------+\n| Revision |             | Initial      |\n| 1.0      | 2011-Feb-01 | public       |\n|          |             | release.     |\n+---------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco\u0027s worldwide website at \nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding Cisco security notices. \nAll Cisco security advisories are available at \nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2010-2011 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.14 (Darwin)\n\niF4EAREIAAYFAk1IQjoACgkQQXnnBKKRMNCpdQEAg/vWtP38VKH2ZDeL9QMQfx6E\nM8nIZdeL2XGonJpT60IA/0APzTbZPE+9rWTi1Z0lJqIgCjHls3jo+sGQWSPvxxkS\n=Ur/Y\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "db": "BID",
        "id": "46075"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45649"
      },
      {
        "db": "PACKETSTORM",
        "id": "98073"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3044",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "46075",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1025016",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20110201 MULTIPLE CISCO WEBEX PLAYER VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "65075",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "16391",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-45649",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "98073",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45649"
      },
      {
        "db": "BID",
        "id": "46075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "db": "PACKETSTORM",
        "id": "98073"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ]
  },
  "id": "VAR-201102-0310",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45649"
      }
    ],
    "trust": 0.7453525499999999
  },
  "last_update_date": "2023-12-18T12:58:25.481000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20110201-webex",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b6913f.shtml"
      },
      {
        "title": "cisco-sa-20110201-webex",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/110/1103/1103539_cisco-sa-20110201-webex-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3044"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/46075"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b6913f.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22016"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/fga-2011-03.html"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1025016"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3044"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3044"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/65075"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/16391"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.webex.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3043"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110201-webex.shtml."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.webex.com/downloadplayer.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.webex.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3041"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3269"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3042"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/go/psirt."
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html,"
      },
      {
        "trust": 0.1,
        "url": "http://intellishield.cisco.com/security/alertmanager/cvss"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45649"
      },
      {
        "db": "BID",
        "id": "46075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "db": "PACKETSTORM",
        "id": "98073"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-45649"
      },
      {
        "db": "BID",
        "id": "46075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "db": "PACKETSTORM",
        "id": "98073"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-02-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45649"
      },
      {
        "date": "2011-01-31T00:00:00",
        "db": "BID",
        "id": "46075"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "date": "2011-02-02T02:55:23",
        "db": "PACKETSTORM",
        "id": "98073"
      },
      {
        "date": "2011-02-02T23:00:31.393000",
        "db": "NVD",
        "id": "CVE-2010-3044"
      },
      {
        "date": "2011-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45649"
      },
      {
        "date": "2011-02-01T16:20:00",
        "db": "BID",
        "id": "46075"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      },
      {
        "date": "2017-08-17T01:32:54.227000",
        "db": "NVD",
        "id": "CVE-2010-3044"
      },
      {
        "date": "2011-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "98073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco WRF and  ARF Player T27LB Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003860"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201102-031"
      }
    ],
    "trust": 0.6
  }
}

GSD-2010-3044

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3044

Aliases

CVE-2010-3044

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3044",
    "description": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.",
    "id": "GSD-2010-3044"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3044"
      ],
      "details": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.",
      "id": "GSD-2010-3044",
      "modified": "2023-12-13T01:21:33.906440Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2010-3044",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "cisco-wrf-arf-bo(65075)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
          },
          {
            "name": "20110201 Multiple Cisco WebEx Player Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
          },
          {
            "name": "http://www.fortiguard.com/advisory/FGA-2011-03.html",
            "refsource": "MISC",
            "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
          },
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
          },
          {
            "name": "46075",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46075"
          },
          {
            "name": "1025016",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1025016"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:26.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:26.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3044"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46075",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46075"
            },
            {
              "name": "20110201 Multiple Cisco WebEx Player Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
            },
            {
              "name": "1025016",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1025016"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FGA-2011-03.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
            },
            {
              "name": "cisco-wrf-arf-bo(65075)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-17T01:32Z",
      "publishedDate": "2011-02-02T23:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3044 (GCVE-0-2010-3044)

GHSA-J75F-9WV2-95M3

CERTA-2011-AVI-050

Description

Solution

CERTA-2011-AVI-050

Description

Solution

FKIE_CVE-2010-3044

VAR-201102-0310

Affected Products

Details

Impact

Software Versions and Fixes

Workarounds

Obtaining Fixed Software

Exploitation and Public Announcements

Status of this Notice: FINAL

Distribution

Revision History

Cisco Security Procedures

GSD-2010-3044

Tags

Sightings

Nomenclature