Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-4004

Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.

Published

2011-10-27T21:55:01.107

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	webex_recording_format_player	26	Yes
Application	cisco	webex_recording_format_player	27	Yes
Application	cisco	webex_recording_format_player	27.10	Yes
Application	cisco	webex_recording_format_player	27.12	Yes
Application	cisco	webex_recording_format_player	27.13	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex Vendor Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)