Details of VAR-201309-0034

ID

VAR-201309-0034

CVE

CVE-2013-1118

TITLE

Cisco WebEx Recording Format player Vulnerable to stack-based buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2013-003977

DESCRIPTION

Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645. Vendors have confirmed this vulnerability Bug ID CSCuc27645 It is released as.Skillfully crafted by a third party WRF An arbitrary code may be executed via the file. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuc27645. The vulnerability stems from the software not properly handling .wrf files. The following versions are affected: 27.11.26, 27.21.10, 27.25.10, 27.32.1, 27.32.10, 28.4, 28.0.0

Trust: 1.98

sources: NVD: CVE-2013-1118 // JVNDB: JVNDB-2013-003977 // BID: 62163 // VULHUB: VHN-61120

AFFECTED PRODUCTS

vendor:	cisco	model:	webex recording format player	scope:	eq	version:	27.32.10	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	27.32.1	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	27.11.26	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	28.0.0	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	27.25.10	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	28.4	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	27.21.10	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	lt	version:	t27 ld	Trust: 0.8
vendor:	cisco	model:	webex recording format player	scope:	lt	version:	t27 l10n	Trust: 0.8
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	sp32_orion111	Trust: 0.8
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	sp32 ep16	Trust: 0.8
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	t28.8	Trust: 0.8
vendor:	cisco	model:	webex recording format player	scope:	lt	version:	t28	Trust: 0.8
vendor:	cisco	model:	webex wrf player t28 sp1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t28	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp32 cp1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp32	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp28	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep9	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25 ep1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp25	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep9	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21 ep1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp21	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp13	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp12	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep9	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep26	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep25	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep24	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep23	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep22	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep21	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep20	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep19	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep18	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep17	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep16	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep15	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep14	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep13	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep12	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep11	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11 ep1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp11	scope:	eq	version:	.0.3328	Trust: 0.3
vendor:	cisco	model:	webex wrf player t27 sp10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep9	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep39	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep38	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep37	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep36	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep35	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep34	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep33	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep32	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep31	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep30	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep29	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep28	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep27	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep26	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep25	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep24	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep23	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep22	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep21	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep20	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep19	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep18	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep17	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep16	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep15	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep14	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep13	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep12	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep11	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49 ep1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex wrf player t26 sp49	scope:	-	version:	-	Trust: 0.3

sources: BID: 62163 // JVNDB: JVNDB-2013-003977 // CNNVD: CNNVD-201309-016 // NVD: CVE-2013-1118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1118
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1118
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201309-016
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-61120
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1118
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61120
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61120 // JVNDB: JVNDB-2013-003977 // CNNVD: CNNVD-201309-016 // NVD: CVE-2013-1118

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-61120 // JVNDB: JVNDB-2013-003977 // NVD: CVE-2013-1118

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-016

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201309-016

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003977

PATCH

title:	cisco-sa-20130904-webex	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130904-webex	Trust: 0.8
title:	30534	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30534	Trust: 0.8
title:	cisco-sa-20130904-webex	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119807_cisco-sa-20130904-webex-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003977

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1118	Trust: 2.8
db:	BID	id:	62163	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003977	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-016	Trust: 0.7
db:	CISCO	id:	20130904 MULTIPLE VULNERABILITIES IN THE CISCO WEBEX RECORDING FORMAT AND ADVANCED RECORDING FORMAT PLAYERS	Trust: 0.6
db:	VULHUB	id:	VHN-61120	Trust: 0.1

sources: VULHUB: VHN-61120 // BID: 62163 // JVNDB: JVNDB-2013-003977 // CNNVD: CNNVD-201309-016 // NVD: CVE-2013-1118

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130904-webex	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1118	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1118	Trust: 0.8
url:	http://www.securityfocus.com/bid/62163	Trust: 0.6
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30534	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20121010-webex	Trust: 0.3

sources: VULHUB: VHN-61120 // BID: 62163 // JVNDB: JVNDB-2013-003977 // CNNVD: CNNVD-201309-016 // NVD: CVE-2013-1118

CREDITS

Microsoft Vulnerability Research (MSVR)

Trust: 0.9

sources: BID: 62163 // CNNVD: CNNVD-201309-016

SOURCES

db:	VULHUB	id:	VHN-61120
db:	BID	id:	62163
db:	JVNDB	id:	JVNDB-2013-003977
db:	CNNVD	id:	CNNVD-201309-016
db:	NVD	id:	CVE-2013-1118

LAST UPDATE DATE

2024-08-14T14:14:21.370000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61120	date:	2013-09-06T00:00:00
db:	BID	id:	62163	date:	2013-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-003977	date:	2013-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201309-016	date:	2013-09-09T00:00:00
db:	NVD	id:	CVE-2013-1118	date:	2013-09-06T13:38:24.643

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61120	date:	2013-09-06T00:00:00
db:	BID	id:	62163	date:	2013-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-003977	date:	2013-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201309-016	date:	2013-09-05T00:00:00
db:	NVD	id:	CVE-2013-1118	date:	2013-09-06T11:15:37.187