Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-3269

Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.

Published

2011-02-02T23:00:31.957

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	webex_recording_format_player	26.49	Yes
Application	cisco	webex_recording_format_player	27.10	Yes
Application	cisco	webex_recording_format_player	27.11.0.3328	Yes
Application	cisco	webex_recording_format_player	27.12	Yes
Application	cisco	webex_recording_format_player	27.13	Yes
Application	cisco	webex_advanced_recording_format_player	26.49	Yes
Application	cisco	webex_advanced_recording_format_player	27.10	Yes
Application	cisco	webex_advanced_recording_format_player	27.11.0.3328	Yes
Application	cisco	webex_advanced_recording_format_player	27.12	Yes
Application	cisco	webex_advanced_recording_format_player	27.13	Yes

References

http://securitytracker.com/id?1025015 ([email protected])
http://tools.cisco.com/security/center/viewAlert.x?alertId=22016 Patch ([email protected])
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml Patch, Vendor Advisory ([email protected])
http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities Patch ([email protected])
http://www.securityfocus.com/archive/1/516095/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/46075 ([email protected])
http://www.vupen.com/english/advisories/2011/0261 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/65076 ([email protected])
http://securitytracker.com/id?1025015 (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/viewAlert.x?alertId=22016 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/516095/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/46075 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0261 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65076 (af854a3a-2127-422b-91ae-364da2661108)