Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2011-4004
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:53:32.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20111026 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-10-27T21:00:00Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20111026 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2011-4004", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20111026 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2011-4004", datePublished: "2011-10-27T21:00:00Z", dateReserved: "2011-10-06T00:00:00Z", dateUpdated: "2024-09-17T02:11:41.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89A7EC6D-EFF7-494D-BBF7-787464A2858B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F949C6D-8074-444B-986E-63F06F9A05A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B242684-7692-4F50-8419-587F0DCBC376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D126564-E0D1-4E25-BD83-B10EF9AFBDA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4D92FB5-277D-43B8-8200-43E1FE102BA3\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en la funcionalidad de procesamiento de ATAS32 en Cisco WebEx Recording Format (WRF) T26 player anterior a EP40 SP49 y SP28 anterior a T27 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de un archivo modificado WRF.\"}]", id: "CVE-2011-4004", lastModified: "2024-11-21T01:31:41.710", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", published: "2011-10-27T21:55:01.107", references: "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2011-4004\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2011-10-27T21:55:01.107\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de búfer en la funcionalidad de procesamiento de ATAS32 en Cisco WebEx Recording Format (WRF) T26 player anterior a EP40 SP49 y SP28 anterior a T27 permite a atacantes remotos ejecutar código arbitrario a través de un archivo modificado WRF.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89A7EC6D-EFF7-494D-BBF7-787464A2858B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F949C6D-8074-444B-986E-63F06F9A05A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B242684-7692-4F50-8419-587F0DCBC376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D126564-E0D1-4E25-BD83-B10EF9AFBDA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4D92FB5-277D-43B8-8200-43E1FE102BA3\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
ghsa-3vjg-xrj8-3qhh
Vulnerability from github
Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.
{ affected: [], aliases: [ "CVE-2011-4004", ], database_specific: { cwe_ids: [ "CWE-119", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2011-10-27T21:55:00Z", severity: "HIGH", }, details: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.", id: "GHSA-3vjg-xrj8-3qhh", modified: "2022-05-17T05:31:07Z", published: "2022-05-17T05:31:07Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-4004", }, { type: "WEB", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", }, ], schema_version: "1.4.0", severity: [], }
var-201110-0222
Vulnerability from variot
Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in ATAS32.DLL during the parsing of values defined within the WRF file format. The vulnerable code trusts the linesProcessed value from the file, and uses it in some logic to determine the destination pointer for a memcpy. By supplying an overly large linesProcessed value, the subtraction would cause an integer underflow and allows an attacker control of the destination buffer pointer. This can be further leveraged to execute arbitrary code under the context of the current user. Cisco WebEx is a web conferencing solution. When Cisco WebEx parses the value defined in the WRF file format, ATAS32.DLL is flawed. The value is reduced by the large linesProcessed value. Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. More details can be found at:
http://www.cisco.com/go/psirt
-- Disclosure Timeline: 2011-05-12 - Vulnerability reported to vendor 2011-10-26 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by:
-
Aniway (Aniway.Anyway@gmail.com)
-
Anonymous
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Cisco WebEx Player WRF File Processing Vulnerabilities
SECUNIA ADVISORY ID: SA46607
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46607/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46607
RELEASE DATE: 2011-10-28
DISCUSS ADVISORY: http://secunia.com/advisories/46607/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46607/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46607
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system.
SOLUTION: Update to a fixed version (Please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits TippingPoint. 2) Aniway and Anonymous via ZDI.
ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-308/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from www.webex.com
If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex
Note: Effective October 18, 2011, Cisco moved the current list of Cisco Security Advisories and Responses published by Cisco PSIRT. The new location is http://tools.cisco.com/security/center/publicationListing You can also navigate to this page from the Cisco Products and Services menu of the Cisco Security Intelligence Operations (SIO) Portal. Following this transition, new Cisco Security Advisories and Responses will be published to the new location. Although the URL has changed, the content of security documents and the vulnerability policy are not impacted. Cisco will continue to disclose security vulnerabilities in accordance with the published Security Vulnerability Policy.
Affected Products
The vulnerabilities disclosed in this advisory affect the Cisco WRF players. The Microsoft Windows, Apple Mac OS X, and Linux versions of the players are all affected. Review the following table for the list of releases that contain the nonvulnerable code. Affected versions of the players are those prior to client build T26 SP49 EP40 and T27 SP28. These build numbers are available only to WebEx site administrators. End users will see a version such as "Client build: 27.25.4.11889." This indicates the server is running software version T27 SP25 EP4.
To determine whether a Cisco WebEx meeting site is running an affected version of the WebEx client build, users can log in to their Cisco WebEx meeting site and go to the Support > Downloads section. The version of the WebEx client build will be displayed on the right side of the page under "About Support Center." See "Software Versions and Fixes" for details.
Cisco recommends that users upgrade to the most current version of the player that is available from www.webex.com/ downloadplayer.html. If the player is no longer needed, it can be removed using the "Mac Cisco-WebEx Uninstaller" or "Meeting Services Removal tool" available at support.webex.com/support/ downloads.html.
Users can manually verify the installed version of the WRF player to determine whether it is affected by these vulnerabilities. To do so, an administrator must examine the version numbers of the installed files and determine whether the version of the file contains the fixed code. Detailed instructions on how to verify the version numbers are provided in the following sections.
The following tables provide the first nonvulnerable version of each object.
Microsoft Windows +---------------- Two dynamically linked libraries (DLLs) were updated on the Microsoft Windows platform to address the vulnerabilities that are described in this advisory. These files are in the folder C:\ Program Files\WebEx\Record Playback or C:\Program Files (x86)\ Webex\Record Player. The version number of a DLL can be obtained by browsing the Record Playback directory in Windows Explorer, right-clicking on the file name, and choosing Properties. The Version or Details tab of the Properties page provides details on the library version. The following table gives the first fixed version number for each DLL. If the installed versions are equal to or greater than the versions provided in the table, the system is not vulnerable.
+----------------------------------------------------------------------------+ | Library | T26 SP49 | T27 SP11 | T27 SP21 | T27 SP25 | T27 SP28 | | | EP40 | EP26 | EP9 | EP3 | | |--------------+-------------+------------+----------+----------+------------| | atas32.dll | Not | 2.6.11.0 | 2.6.21.5 | 2.6.25.0 | 2.6.28.0 | | | vulnerable | | | | | |--------------+-------------+------------+----------+----------+------------| | atdl2006.dll | 2.5.49.4000 | 2.6.1123.1 | 2.6.21.1 | 2.6.20.0 | Not | | | | | | | vulnerable | +----------------------------------------------------------------------------+
Mac +-- A package bundle was updated on the Macintosh platform to address the vulnerabilities that are described in this advisory. This file is in each user's home directory, which can be accessed in ~/Library/Application Support/WebEx Folder/824 for systems connected to servers running T26 and ~/Library/Application Support/WebEx Folder/924 for systems connected to servers running T27. The version can be obtained by browsing to the appropriate folder in Finder and control-clicking the filename. When the menu is displayed, select show package contents and then double-click the Info.plist file. The version number is shown at the bottom of the displayed table.
+-------------------------------------------------------------------------------+ | Bundle | T26 SP49 | T27 SP11 | T27 SP21 | T27 SP25 | T27 SP28 | | | EP40 | EP26 | EP9 | EP3 | | |-------------------+-----------+------------+-----------+----------+------------| | asplayback.bundle | 6.0.49.40 | 6.10.11.25 | 6.10.21.9 | 6.0.25.3 | 5.25.27.28 | +-------------------------------------------------------------------------------+
Linux
A shared object was updated on the Linux platform to address the vulnerabilities that are described in this advisory. This file is in the ~/.webex directory. The version number of the shared object can be obtained by performing a directory listing with the ls command. The version number is provided after the .so extension.
+---------------------------------------------------------------------------+ | Shared | T26 SP49 | T27 SP11 | T27 SP21 | T27 SP25 | T27 SP28 | | Object | EP40 | EP26 | EP9 | EP3 | | |------------+-----------+------------+-----------+------------+------------| | atascli.so | 1.0.26.41 | 1.11.27.15 | 1.0.27.17 | 1.25.27.17 | 1.28.27.17 | +---------------------------------------------------------------------------+
Vulnerable Products +------------------
No other Cisco products are currently known to be affected by these vulnerabilities.
Details
The WebEx meeting service is a hosted multimedia conferencing solution that is managed and maintained by Cisco WebEx. The WRF file format is used to store WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players are applications that are used to play back and edit recording files (files with a .wrf extension). The WRF players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site (for stream playback mode). The WRF players can also be manually installed after downloading the application from www.webex.com/downloadplayer.html to play back recording files locally (for offline playback mode). The vulnerabilities cannot be triggered by users who are attending a WebEx meeting.
Vulnerability Scoring Details +----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss
- Multiple Cisco WebEx Player Buffer Overflow Vulnerabilities
CVSS Base Score - 9.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete
CVSS Temporal Score - 7.7 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of the vulnerabilities described in this document could cause the Cisco WRF player application to crash and, in some cases, allow a remote attacker to execute arbitrary code on the system with the privileges of the user who is running the WRF player application.
Software Versions and Fixes
When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
These vulnerabilities are first fixed in the following versions:
- T26 SP49 EP40
- T27 FR20
- T27 SP11 EP23
- T27 SP21 EP9
- T27 SP23
- T27 SP25 EP3
- T27 SP28
The client build is listed in the Support > Downloads section of the WebEx page after a user authenticates. WebEx bug fixes are cumulative in a major release. For example, if release T27 SP22 EP9 is fixed, release T27 SP22 EP23 will also have the software fix. End users will see a version such as "Client build: 27.25.4.11889." This indicates the server is running software version T27 SP25 EP4.
If a WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site.
If a WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com/downloadplayer.html. If the player is no longer needed, it can be removed using the "Mac Cisco-WebEx Uninstaller" or "Meeting Services Removal tool" available at support.webex.com/support/downloads.html
Workarounds
There are no workarounds for the vulnerabilities disclosed in this advisory.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
This section does not apply for vulnerabilities in Cisco WebEx products.
Customers using Third Party Support Organizations +------------------------------------------------
This section does not apply for vulnerabilities in Cisco WebEx products.
Customers without Service Contracts +----------------------------------
This section does not apply for vulnerabilities in Cisco WebEx products.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
These vulnerabilities were reported to Cisco by TippingPoint. Cisco would like to thank TippingPoint for reporting these vulnerabilities to us.
Status of this Notice: Final
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-teams@first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+-------------------------------------------------------------------+ | Revision 1.0 | 2011-October-26 | Initial public release | +-------------------------------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at: http://www.cisco.com/go/psirt
+-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOqCUXQXnnBKKRMNARCO+aAP9IbHs1VnWKq0GY3UPgGavVWYYrypo9uR2g S1eif/eNEQD7BRMCZrBRVyqMy2c0STwOH9IN35fyqGyLtlO/Nxv4geA= =eg2S -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0222", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "webex", scope: "eq", trust: 1.8, vendor: "cisco", version: "26.00", }, { model: "webex", scope: "eq", trust: 1.8, vendor: "cisco", version: "27.00", }, { model: "webex 27lb sp21 ep3", scope: null, trust: 1.8, vendor: "cisco", version: null, }, { model: "webex 27lc sp22", scope: null, trust: 1.8, vendor: "cisco", version: null, }, { model: "webex recording format player", scope: "eq", trust: 1.6, vendor: "cisco", version: "27.10", }, { model: "webex recording format player", scope: "eq", trust: 1.6, vendor: "cisco", version: "27.12", }, { model: "webex recording format player", scope: "eq", trust: 1.6, vendor: "cisco", version: "27.13", }, { model: "webex recording format player", scope: "eq", trust: 1.6, vendor: "cisco", version: "26", }, { model: "webex recording format player", scope: "eq", trust: 1.6, vendor: "cisco", version: "27", }, { model: "webex", scope: "eq", trust: 0.9, vendor: "cisco", version: "26.49.32", }, { model: "webex", scope: "eq", trust: 0.9, vendor: "cisco", version: "27.10", }, { model: "webex (mac os", scope: "eq", trust: 0.9, vendor: "cisco", version: "x)26.00", }, { model: "webex (mac os", scope: "eq", trust: 0.9, vendor: "cisco", version: "x)27.00", }, { model: "webex (mac os 27lb sp21 ep3", scope: "eq", trust: 0.9, vendor: "cisco", version: "x)", }, { model: "webex (mac os 27lc sp22", scope: "eq", trust: 0.9, vendor: "cisco", version: "x)", }, { model: "webex (mac os", scope: "eq", trust: 0.9, vendor: "cisco", version: "x)26.49.35", }, { model: "webex (mac os", scope: "eq", trust: 0.9, vendor: "cisco", version: "x)27.11.8", }, { model: "webex", scope: "eq", trust: 0.9, vendor: "cisco", version: "27.11.8", }, { model: "webex", scope: "eq", trust: 0.9, vendor: "cisco", version: "26.49.35", }, { model: "webex", scope: "eq", trust: 0.9, vendor: "cisco", version: "27", }, { model: "webex recording format player", scope: "lt", trust: 0.8, vendor: "cisco", version: "t26 sp49 ep40", }, { model: "webex recording format player", scope: "lt", trust: 0.8, vendor: "cisco", version: "t27 sp28", }, { model: "webex", scope: null, trust: 0.7, vendor: "cisco", version: null, }, { model: "webex t27 sp28", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "webex t27 sp25 ep3", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "webex t27 sp23", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "webex t27 sp21 ep9", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "webex t27 sp11 ep23", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "webex t27 fr20", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "webex t26 sp49 ep40", scope: "ne", trust: 0.6, vendor: "cisco", version: null, }, { model: "webex", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "webex (mac os t27 sp28", scope: "ne", trust: 0.3, vendor: "cisco", version: "x)", }, { model: "webex (mac os t27 sp25 ep3", scope: "ne", trust: 0.3, vendor: "cisco", version: "x)", }, { model: "webex (mac os t27 sp23", scope: "ne", trust: 0.3, vendor: "cisco", version: "x)", }, { model: "webex (mac os t27 sp21 ep9", scope: "ne", trust: 0.3, vendor: "cisco", version: "x)", }, { model: "webex (mac os t27 sp11 ep23", scope: "ne", trust: 0.3, vendor: "cisco", version: "x)", }, { model: "webex (mac os t27 fr20", scope: "ne", trust: 0.3, vendor: "cisco", version: "x)", }, { model: "webex (mac os t26 sp49 ep40", scope: "ne", trust: 0.3, vendor: "cisco", version: "x)", }, ], sources: [ { db: "ZDI", id: "ZDI-11-308", }, { db: "CNVD", id: "CNVD-2011-4516", }, { db: "BID", id: "50373", }, { db: "JVNDB", id: "JVNDB-2011-002704", }, { db: "NVD", id: "CVE-2011-4004", }, { db: "CNNVD", id: "CNNVD-201110-653", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:26:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:27:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2011-4004", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "TippingPoint", sources: [ { db: "BID", id: "50373", }, { db: "CNNVD", id: "CNNVD-201110-653", }, ], trust: 0.9, }, cve: "CVE-2011-4004", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 9.3, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2011-4004", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "ZDI", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2011-4004", impactScore: 8.5, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 0.7, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:C", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "VHN-51949", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2011-4004", trust: 1.8, value: "HIGH", }, { author: "ZDI", id: "CVE-2011-4004", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201110-653", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-51949", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2011-4004", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-11-308", }, { db: "VULHUB", id: "VHN-51949", }, { db: "VULMON", id: "CVE-2011-4004", }, { db: "JVNDB", id: "JVNDB-2011-002704", }, { db: "NVD", id: "CVE-2011-4004", }, { db: "CNNVD", id: "CNNVD-201110-653", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists in ATAS32.DLL during the parsing of values defined within the WRF file format. The vulnerable code trusts the linesProcessed value from the file, and uses it in some logic to determine the destination pointer for a memcpy. By supplying an overly large linesProcessed value, the subtraction would cause an integer underflow and allows an attacker control of the destination buffer pointer. This can be further leveraged to execute arbitrary code under the context of the current user. Cisco WebEx is a web conferencing solution. When Cisco WebEx parses the value defined in the WRF file format, ATAS32.DLL is flawed. The value is reduced by the large linesProcessed value. Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. More details\ncan be found at:\n\nhttp://www.cisco.com/go/psirt\n\n\n\n-- Disclosure Timeline:\n2011-05-12 - Vulnerability reported to vendor\n2011-10-26 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n\n* Aniway (Aniway.Anyway@gmail.com)\n\n\n* Anonymous\n\n\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nCisco WebEx Player WRF File Processing Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46607\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46607/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=46607\n\nRELEASE DATE:\n2011-10-28\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46607/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46607/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=46607\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Cisco WebEx Player, which\ncan be exploited by malicious people to compromise a user's system. \n\nSOLUTION:\nUpdate to a fixed version (Please see the vendor's advisory for\ndetails). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits TippingPoint. \n2) Aniway and Anonymous via ZDI. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-308/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe Cisco WebEx Players are applications that are used to play back\nWebEx meeting recordings that have been recorded on a WebEx meeting\nsite or on the computer of an online meeting attendee. The players\ncan be automatically installed when the user accesses a recording\nfile that is hosted on a WebEx meeting site. The players can also be\nmanually installed for offline playback after downloading the\napplication from www.webex.com\n\nIf the WRF player was automatically installed, it will be\nautomatically upgraded to the latest, nonvulnerable version when\nusers access a recording file that is hosted on a WebEx meeting site. \nIf the WRF player was manually installed, users will need to manually\ninstall a new version of the player after downloading the latest\nversion from www.webex.com\n\nCisco has released free software updates that address these\nvulnerabilities. \n\nThis advisory is posted at: \nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex\n\nNote: Effective October 18, 2011, Cisco moved the current list of\nCisco Security Advisories and Responses published by Cisco PSIRT. The\nnew location is http://tools.cisco.com/security/center/publicationListing\nYou can also navigate to this page from the Cisco\nProducts and Services menu of the Cisco Security Intelligence\nOperations (SIO) Portal. Following this transition, new Cisco\nSecurity Advisories and Responses will be published to the new\nlocation. Although the URL has changed, the content of security\ndocuments and the vulnerability policy are not impacted. Cisco will\ncontinue to disclose security vulnerabilities in accordance with the\npublished Security Vulnerability Policy. \n\nAffected Products\n=================\n\nThe vulnerabilities disclosed in this advisory affect the Cisco\nWRF players. The Microsoft Windows, Apple Mac OS X, and Linux\nversions of the players are all affected. Review the following\ntable for the list of releases that contain the nonvulnerable\ncode. Affected versions of the players are those prior to client\nbuild T26 SP49 EP40 and T27 SP28. These build numbers are\navailable only to WebEx site administrators. End users will see a\nversion such as \"Client build: 27.25.4.11889.\" This indicates the\nserver is running software version T27 SP25 EP4. \n\nTo determine whether a Cisco WebEx meeting site is running an\naffected version of the WebEx client build, users can log in to\ntheir Cisco WebEx meeting site and go to the Support > Downloads\nsection. The version of the WebEx client build will be displayed\non the right side of the page under \"About Support Center.\" See\n\"Software Versions and Fixes\" for details. \n\nCisco recommends that users upgrade to the most current version\nof the player that is available from www.webex.com/\ndownloadplayer.html. If the player is no longer needed, it can be\nremoved using the \"Mac Cisco-WebEx Uninstaller\" or \"Meeting\nServices Removal tool\" available at support.webex.com/support/\ndownloads.html. \n\nUsers can manually verify the installed version of the WRF player\nto determine whether it is affected by these vulnerabilities. To\ndo so, an administrator must examine the version numbers of the\ninstalled files and determine whether the version of the file\ncontains the fixed code. Detailed instructions on how to verify\nthe version numbers are provided in the following sections. \n\nThe following tables provide the first nonvulnerable version of\neach object. \n\nMicrosoft Windows\n+----------------\nTwo dynamically linked libraries (DLLs) were updated on the\nMicrosoft Windows platform to address the vulnerabilities that\nare described in this advisory. These files are in the folder C:\\\nProgram Files\\WebEx\\Record Playback or C:\\Program Files (x86)\\\nWebex\\Record Player. The version number of a DLL can be obtained\nby browsing the Record Playback directory in Windows Explorer,\nright-clicking on the file name, and choosing Properties. The\nVersion or Details tab of the Properties page provides details on\nthe library version. The following table gives the first fixed\nversion number for each DLL. If the installed versions are equal\nto or greater than the versions provided in the table, the system\nis not vulnerable. \n\n+----------------------------------------------------------------------------+\n| Library | T26 SP49 | T27 SP11 | T27 SP21 | T27 SP25 | T27 SP28 |\n| | EP40 | EP26 | EP9 | EP3 | |\n|--------------+-------------+------------+----------+----------+------------|\n| atas32.dll | Not | 2.6.11.0 | 2.6.21.5 | 2.6.25.0 | 2.6.28.0 |\n| | vulnerable | | | | |\n|--------------+-------------+------------+----------+----------+------------|\n| atdl2006.dll | 2.5.49.4000 | 2.6.1123.1 | 2.6.21.1 | 2.6.20.0 | Not |\n| | | | | | vulnerable |\n+----------------------------------------------------------------------------+\n \nMac\n+--\nA package bundle was updated on the Macintosh platform to\naddress the vulnerabilities that are described in this advisory. \nThis file is in each user's home directory, which can be accessed\nin ~/Library/Application Support/WebEx Folder/824 for systems\nconnected to servers running T26 and ~/Library/Application\nSupport/WebEx Folder/924 for systems connected to servers running\nT27. The version can be obtained by browsing to the appropriate\nfolder in Finder and control-clicking the filename. When the menu\nis displayed, select show package contents and then double-click\nthe Info.plist file. The version number is shown at the bottom of\nthe displayed table. \n\n+-------------------------------------------------------------------------------+\n| Bundle | T26 SP49 | T27 SP11 | T27 SP21 | T27 SP25 | T27 SP28 |\n| | EP40 | EP26 | EP9 | EP3 | |\n|-------------------+-----------+------------+-----------+----------+------------|\n| asplayback.bundle | 6.0.49.40 | 6.10.11.25 | 6.10.21.9 | 6.0.25.3 | 5.25.27.28 |\n+-------------------------------------------------------------------------------+\n\nLinux\n\nA shared object was updated on the Linux platform to address the\nvulnerabilities that are described in this advisory. This file is\nin the ~/.webex directory. The version number of the shared\nobject can be obtained by performing a directory listing with the\nls command. The version number is provided after the .so\nextension. \n\n+---------------------------------------------------------------------------+\n| Shared | T26 SP49 | T27 SP11 | T27 SP21 | T27 SP25 | T27 SP28 |\n| Object | EP40 | EP26 | EP9 | EP3 | |\n|------------+-----------+------------+-----------+------------+------------|\n| atascli.so | 1.0.26.41 | 1.11.27.15 | 1.0.27.17 | 1.25.27.17 | 1.28.27.17 |\n+---------------------------------------------------------------------------+\n\nVulnerable Products\n+------------------\n\nNo other Cisco products are currently known to be affected by these\nvulnerabilities. \n\nDetails\n=======\n\nThe WebEx meeting service is a hosted multimedia conferencing\nsolution that is managed and maintained by Cisco WebEx. The WRF file\nformat is used to store WebEx meeting recordings that have been\nrecorded on a WebEx meeting site or on the computer of an online\nmeeting attendee. The players are applications that are used to play\nback and edit recording files (files with a .wrf extension). The WRF\nplayers can be automatically installed when the user accesses a\nrecording file that is hosted on a WebEx meeting site (for stream\nplayback mode). The WRF players can also be manually installed after\ndownloading the application from www.webex.com/downloadplayer.html \nto play back recording files locally (for offline playback mode). The vulnerabilities cannot be triggered\nby users who are attending a WebEx meeting. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\nscoring in this Security Advisory is done in accordance with CVSS\nversion 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of\nthe vulnerability in individual networks. \n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* Multiple Cisco WebEx Player Buffer Overflow Vulnerabilities\n\nCVSS Base Score - 9.3\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - Complete\n Availability Impact - Complete\n\nCVSS Temporal Score - 7.7\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n\nImpact\n======\n\nSuccessful exploitation of the vulnerabilities described in this\ndocument could cause the Cisco WRF player application to crash and,\nin some cases, allow a remote attacker to execute arbitrary code on\nthe system with the privileges of the user who is running the WRF\nplayer application. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult:\nhttp://www.cisco.com/go/psirt and any subsequent advisories to \ndetermine exposure and a complete upgrade solution. \n\nThese vulnerabilities are first fixed in the following versions: \n\n * T26 SP49 EP40\n * T27 FR20\n * T27 SP11 EP23\n * T27 SP21 EP9\n * T27 SP23\n * T27 SP25 EP3\n * T27 SP28\n\nThe client build is listed in the Support > Downloads section of the\nWebEx page after a user authenticates. WebEx bug fixes are cumulative\nin a major release. For example, if release T27 SP22 EP9 is fixed,\nrelease T27 SP22 EP23 will also have the software fix. End users\nwill see a version such as \"Client build: 27.25.4.11889.\" This\nindicates the server is running software version T27 SP25 EP4. \n\nIf a WRF player was automatically installed, it will be automatically\nupgraded to the latest, nonvulnerable version when users access a\nrecording file that is hosted on a WebEx meeting site. \n\nIf a WRF player was manually installed, users will need to manually\ninstall a new version of the player after downloading the latest\nversion from www.webex.com/downloadplayer.html. If the player is no\nlonger needed, it can be removed using the \"Mac Cisco-WebEx\nUninstaller\" or \"Meeting Services Removal tool\" available at \nsupport.webex.com/support/downloads.html\n\nWorkarounds\n===========\n\nThere are no workarounds for the vulnerabilities disclosed in this\nadvisory. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should\nconsult their maintenance provider or check the software for feature\nset compatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature sets\nthey have purchased. By installing, downloading, accessing or\notherwise using such software upgrades, customers agree to be bound\nby the terms of Cisco's software license terms found at:\nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html\nor as otherwise set forth at Cisco.com Downloads at:\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml\n\nDo not contact psirt@cisco.com or security-alert@cisco.com for\nsoftware upgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nThis section does not apply for vulnerabilities in Cisco WebEx\nproducts. \n\n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nThis section does not apply for vulnerabilities in Cisco WebEx\nproducts. \n\nCustomers without Service Contracts\n+----------------------------------\n\nThis section does not apply for vulnerabilities in Cisco WebEx\nproducts. \n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerabilities described in this advisory. \n\nThese vulnerabilities were reported to Cisco by TippingPoint. Cisco\nwould like to thank TippingPoint for reporting these vulnerabilities\nto us. \n\nStatus of this Notice: Final\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that\nomits the distribution URL in the following section is an\nuncontrolled copy, and may lack important information or contain\nfactual errors. \n\n\nDistribution\n============\n\nThis advisory is posted on Cisco's worldwide website at:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex\n\nIn addition to worldwide web posting, a text version of this notice\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\nfollowing e-mail and Usenet news recipients. \n\n * cust-security-announce@cisco.com\n * first-teams@first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco's\nworldwide website, but may or may not be actively announced on\nmailing lists or newsgroups. Users concerned about this problem are\nencouraged to check the above URL for any updates. \n\n\nRevision History\n================\n\n+-------------------------------------------------------------------+\n| Revision 1.0 | 2011-October-26 | Initial public release |\n+-------------------------------------------------------------------+\n\n\n \n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco's worldwide website at:\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html\nThis includes instructions for press inquiries regarding Cisco \nsecurity notices. \n\nAll Cisco security advisories are available at: \nhttp://www.cisco.com/go/psirt\n\n\n+--------------------------------------------------------------------\nCopyright 2010-2011 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (SunOS)\n\niFcDBQFOqCUXQXnnBKKRMNARCO+aAP9IbHs1VnWKq0GY3UPgGavVWYYrypo9uR2g\nS1eif/eNEQD7BRMCZrBRVyqMy2c0STwOH9IN35fyqGyLtlO/Nxv4geA=\n=eg2S\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", sources: [ { db: "NVD", id: "CVE-2011-4004", }, { db: "JVNDB", id: "JVNDB-2011-002704", }, { db: "ZDI", id: "ZDI-11-308", }, { db: "CNVD", id: "CNVD-2011-4516", }, { db: "BID", id: "50373", }, { db: "VULHUB", id: "VHN-51949", }, { db: "VULMON", id: "CVE-2011-4004", }, { db: "PACKETSTORM", id: "106270", }, { db: "PACKETSTORM", id: "106320", }, { db: "PACKETSTORM", id: "106250", }, ], trust: 3.51, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-51949", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-51949", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2011-4004", trust: 4.4, }, { db: "ZDI", id: "ZDI-11-308", trust: 1.8, }, { db: "JVNDB", id: "JVNDB-2011-002704", trust: 0.8, }, { db: "SECUNIA", id: "46607", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-1170", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-201110-653", trust: 0.7, }, { db: "CNVD", id: "CNVD-2011-4516", trust: 0.6, }, { db: "CISCO", id: "20111026 BUFFER OVERFLOW VULNERABILITIES IN THE CISCO WEBEX PLAYER", trust: 0.6, }, { db: "NSFOCUS", id: "18037", trust: 0.6, }, { db: "ZDI", id: "ZDI-11-341", trust: 0.3, }, { db: "BID", id: "50373", trust: 0.3, }, { db: "PACKETSTORM", id: "106270", trust: 0.2, }, { db: "VULHUB", id: "VHN-51949", trust: 0.1, }, { db: "VULMON", id: "CVE-2011-4004", trust: 0.1, }, { db: "PACKETSTORM", id: "106320", trust: 0.1, }, { db: "PACKETSTORM", id: "106250", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-11-308", }, { db: "CNVD", id: "CNVD-2011-4516", }, { db: "VULHUB", id: "VHN-51949", }, { db: "VULMON", id: "CVE-2011-4004", }, { db: "BID", id: "50373", }, { db: "JVNDB", id: "JVNDB-2011-002704", }, { db: "PACKETSTORM", id: "106270", }, { db: "PACKETSTORM", id: "106320", }, { db: "PACKETSTORM", id: "106250", }, { db: "NVD", id: "CVE-2011-4004", }, { db: "CNNVD", id: "CNNVD-201110-653", }, ], }, id: "VAR-201110-0222", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2011-4516", }, { db: "VULHUB", id: "VHN-51949", }, ], trust: 1.329615372, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2011-4516", }, ], }, last_update_date: "2023-12-18T13:40:09.132000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-20111026-webex", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20111026-webex", }, { title: "24442", trust: 0.8, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=24442", }, { title: "cisco-sa-20111026-webex", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/110/1108/1108764_cisco-sa-20111026-webex-j.html", }, { title: "Cisco has issued an update to correct this vulnerability.", trust: 0.7, url: "http://www.cisco.com/go/psirt", }, { title: "Patch for Cisco WebEx WRF/ATAS32 File Format Remote Buffer Overflow Vulnerability (CNVD-2011-4516)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/5668", }, ], sources: [ { db: "ZDI", id: "ZDI-11-308", }, { db: "CNVD", id: "CNVD-2011-4516", }, { db: "JVNDB", id: "JVNDB-2011-002704", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-51949", }, { db: "JVNDB", id: "JVNDB-2011-002704", }, { db: "NVD", id: "CVE-2011-4004", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20111026-webex", }, { trust: 1, url: "http://www.zerodayinitiative.com/advisories/zdi-11-308/", }, { trust: 0.9, url: "http://www.cisco.com/go/psirt", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4004", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4004", }, { trust: 0.6, url: "http://secunia.com/advisories/46607", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/18037", }, { trust: 0.4, url: "http://www.webex.com/", }, { trust: 0.3, url: "http://www.zerodayinitiative.com/advisories/zdi-11-341/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2011-4004", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/119.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=24442", }, { trust: 0.1, url: "http://www.zerodayinitiative.com/advisories/disclosure_policy/", }, { trust: 0.1, url: "http://www.zerodayinitiative.com/advisories/zdi-11-308", }, { trust: 0.1, url: "http://twitter.com/thezdi", }, { trust: 0.1, url: "http://www.zerodayinitiative.com", }, { trust: 0.1, url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=46607", }, { trust: 0.1, url: "http://secunia.com/vulnerability_intelligence/", }, { trust: 0.1, url: "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/", }, { trust: 0.1, url: "http://secunia.com/advisories/46607/#comments", }, { trust: 0.1, url: "http://secunia.com/advisories/secunia_security_advisories/", }, { trust: 0.1, url: "http://secunia.com/vulnerability_scanning/personal/", }, { trust: 0.1, url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org", }, { trust: 0.1, url: "http://secunia.com/products/corporate/vim/ovum_2011_request/", }, { trust: 0.1, url: "http://secunia.com/advisories/46607/", }, { trust: 0.1, url: "http://secunia.com/advisories/about_secunia_advisories/", }, { trust: 0.1, url: "https://www.webex.com/downloadplayer.html.", }, { trust: 0.1, url: "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/publicationlisting", }, { trust: 0.1, url: "http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html", }, { trust: 0.1, url: "https://www.webex.com/downloadplayer.html", }, { trust: 0.1, url: "https://www.webex.com", }, { trust: 0.1, url: "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html", }, { trust: 0.1, url: "http://secunia.com/", }, { trust: 0.1, url: "http://lists.grok.org.uk/full-disclosure-charter.html", }, { trust: 0.1, url: "http://www.cisco.com/public/sw-center/sw-usingswc.shtml", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3319", }, { trust: 0.1, url: "http://intellishield.cisco.com/security/alertmanager/cvss", }, ], sources: [ { db: "ZDI", id: "ZDI-11-308", }, { db: "CNVD", id: "CNVD-2011-4516", }, { db: "VULHUB", id: "VHN-51949", }, { db: "VULMON", id: "CVE-2011-4004", }, { db: "BID", id: "50373", }, { db: "JVNDB", id: "JVNDB-2011-002704", }, { db: "PACKETSTORM", id: "106270", }, { db: "PACKETSTORM", id: "106320", }, { db: "PACKETSTORM", id: "106250", }, { db: "NVD", id: "CVE-2011-4004", }, { db: "CNNVD", id: "CNNVD-201110-653", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-11-308", }, { db: "CNVD", id: "CNVD-2011-4516", }, { db: "VULHUB", id: "VHN-51949", }, { db: "VULMON", id: "CVE-2011-4004", }, { db: "BID", id: "50373", }, { db: "JVNDB", id: "JVNDB-2011-002704", }, { db: "PACKETSTORM", id: "106270", }, { db: "PACKETSTORM", id: "106320", }, { db: "PACKETSTORM", id: "106250", }, { db: "NVD", id: "CVE-2011-4004", }, { db: "CNNVD", id: "CNNVD-201110-653", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2011-10-26T00:00:00", db: "ZDI", id: "ZDI-11-308", }, { date: "2011-10-27T00:00:00", db: "CNVD", id: "CNVD-2011-4516", }, { date: "2011-10-27T00:00:00", db: "VULHUB", id: "VHN-51949", }, { date: "2011-10-27T00:00:00", db: "VULMON", id: "CVE-2011-4004", }, { date: "2011-10-26T00:00:00", db: "BID", id: "50373", }, { date: "2011-11-04T00:00:00", db: "JVNDB", id: "JVNDB-2011-002704", }, { date: "2011-10-26T23:20:18", db: "PACKETSTORM", id: "106270", }, { date: "2011-10-28T06:41:05", db: "PACKETSTORM", id: "106320", }, { date: "2011-10-26T18:04:06", db: "PACKETSTORM", id: "106250", }, { date: "2011-10-27T21:55:01.107000", db: "NVD", id: "CVE-2011-4004", }, { date: "1900-01-01T00:00:00", db: "CNNVD", id: "CNNVD-201110-653", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2011-10-26T00:00:00", db: "ZDI", id: "ZDI-11-308", }, { date: "2011-10-27T00:00:00", db: "CNVD", id: "CNVD-2011-4516", }, { date: "2012-04-06T00:00:00", db: "VULHUB", id: "VHN-51949", }, { date: "2012-04-06T00:00:00", db: "VULMON", id: "CVE-2011-4004", }, { date: "2011-12-07T22:17:00", db: "BID", id: "50373", }, { date: "2011-11-04T00:00:00", db: "JVNDB", id: "JVNDB-2011-002704", }, { date: "2012-04-06T04:00:00", db: "NVD", id: "CVE-2011-4004", }, { date: "2011-10-28T00:00:00", db: "CNNVD", id: "CNNVD-201110-653", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "106270", }, { db: "PACKETSTORM", id: "106250", }, { db: "CNNVD", id: "CNNVD-201110-653", }, ], trust: 0.8, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco WebEx Recording Format (WRF) player of ATAS32 Buffer overflow vulnerability in processing functions", sources: [ { db: "JVNDB", id: "JVNDB-2011-002704", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer overflow", sources: [ { db: "CNNVD", id: "CNNVD-201110-653", }, ], trust: 0.6, }, }
gsd-2011-4004
Vulnerability from gsd
{ GSD: { alias: "CVE-2011-4004", description: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.", id: "GSD-2011-4004", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2011-4004", ], details: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.", id: "GSD-2011-4004", modified: "2023-12-13T01:19:05.712641Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2011-4004", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20111026 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:26:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:webex_recording_format_player:27:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2011-4004", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "20111026 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", refsource: "CISCO", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: true, }, }, lastModifiedDate: "2012-04-06T04:00Z", publishedDate: "2011-10-27T21:55Z", }, }, }
fkie_cve-2011-4004
Vulnerability from fkie_nvd
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_recording_format_player | 26 | |
| cisco | webex_recording_format_player | 27 | |
| cisco | webex_recording_format_player | 27.10 | |
| cisco | webex_recording_format_player | 27.12 | |
| cisco | webex_recording_format_player | 27.13 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:webex_recording_format_player:26:*:*:*:*:*:*:*", matchCriteriaId: "89A7EC6D-EFF7-494D-BBF7-787464A2858B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_recording_format_player:27:*:*:*:*:*:*:*", matchCriteriaId: "8F949C6D-8074-444B-986E-63F06F9A05A7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*", matchCriteriaId: "1B242684-7692-4F50-8419-587F0DCBC376", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*", matchCriteriaId: "6D126564-E0D1-4E25-BD83-B10EF9AFBDA8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*", matchCriteriaId: "F4D92FB5-277D-43B8-8200-43E1FE102BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.", }, { lang: "es", value: "Desbordamiento de búfer en la funcionalidad de procesamiento de ATAS32 en Cisco WebEx Recording Format (WRF) T26 player anterior a EP40 SP49 y SP28 anterior a T27 permite a atacantes remotos ejecutar código arbitrario a través de un archivo modificado WRF.", }, ], id: "CVE-2011-4004", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-10-27T21:55:01.107", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.