FKIE_CVE-2010-3269

Vulnerability from fkie_nvd - Published: 2011-02-02 23:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.
References
cve@mitre.orghttp://securitytracker.com/id?1025015
cve@mitre.orghttp://tools.cisco.com/security/center/viewAlert.x?alertId=22016Patch
cve@mitre.orghttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtmlPatch, Vendor Advisory
cve@mitre.orghttp://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilitiesPatch
cve@mitre.orghttp://www.securityfocus.com/archive/1/516095/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/46075
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0261Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/65076
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1025015
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=22016Patch
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilitiesPatch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516095/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46075
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0261Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/65076
Impacted products
Vendor Product Version
cisco webex_recording_format_player 26.49
cisco webex_recording_format_player 27.10
cisco webex_recording_format_player 27.11.0.3328
cisco webex_recording_format_player 27.12
cisco webex_recording_format_player 27.13
cisco webex_advanced_recording_format_player 26.49
cisco webex_advanced_recording_format_player 27.10
cisco webex_advanced_recording_format_player 27.11.0.3328
cisco webex_advanced_recording_format_player 27.12
cisco webex_advanced_recording_format_player 27.13
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:26.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA595A90-DF5A-406C-ABF3-B1A77C558A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B242684-7692-4F50-8419-587F0DCBC376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*",
              "matchCriteriaId": "176F29FD-9938-4D62-90EF-B7EEEA345B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D126564-E0D1-4E25-BD83-B10EF9AFBDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D92FB5-277D-43B8-8200-43E1FE102BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:26.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E69005-589F-48AD-8E47-14515D3B821D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7993427-15B5-453E-B119-5D813AB7D679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*",
              "matchCriteriaId": "722F62C7-106D-453A-8E1C-A7F6B495D77F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7BAD3E5-99DA-4075-B081-4C79093A5975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FC3D3B-6D9A-4C08-9E98-08215071C64C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en Cisco WebEx Recording Format (WRF) y Advanced Recording Format (ARF) Players T27LB anteriores a SP21 EP3 y T27LC anteriores a SP22, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de ficheros (1) .wrf o (2) .arf manipulados, relacionado con el uso de la funci\u00f3n pointer en un mecanismo de retorno de llamada."
    }
  ],
  "id": "CVE-2010-3269",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-02T23:00:31.957",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1025015"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46075"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0261"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65076"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.