ID
VAR-201309-0035
CVE
CVE-2013-1119
TITLE
Cisco WebEx Recording Format player Vulnerable to buffer overflow
Trust: 0.8
DESCRIPTION
Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file, aka Bug ID CSCuc24503. Cisco WebEx Recording Format (WRF) player Contains a buffer overflow vulnerability. An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user. This issue is being tracked by Cisco Bug ID CSCuc24503. The following versions are affected: 27.11.26, 27.21.10, 27.25.10, 27.32.1, 27.32.10, 28.4, 28.0.0
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | 27.32.10 | Trust: 1.6 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | 27.32.1 | Trust: 1.6 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | 27.11.26 | Trust: 1.6 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | 28.0.0 | Trust: 1.6 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | 27.25.10 | Trust: 1.6 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | 28.4 | Trust: 1.6 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | 27.21.10 | Trust: 1.6 |
| vendor: | cisco | model: | webex recording format player | scope: | lt | version: | t27 ld | Trust: 0.8 |
| vendor: | cisco | model: | webex recording format player | scope: | lt | version: | t27 l10n | Trust: 0.8 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | sp32_orion111 | Trust: 0.8 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | sp32 ep16 | Trust: 0.8 |
| vendor: | cisco | model: | webex recording format player | scope: | eq | version: | t28.8 | Trust: 0.8 |
| vendor: | cisco | model: | webex recording format player | scope: | lt | version: | t28 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-119 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer overflow
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20130904-webex | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130904-webex | Trust: 0.8 |
| title: | 30535 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=30535 | Trust: 0.8 |
| title: | cisco-sa-20130904-webex | url: | http://www.cisco.com/cisco/web/support/JP/111/1119/1119807_cisco-sa-20130904-webex-j.html | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-1119 | Trust: 2.8 |
| db: | BID | id: | 62164 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2013-003978 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201309-017 | Trust: 0.7 |
| db: | CISCO | id: | 20130904 MULTIPLE VULNERABILITIES IN THE CISCO WEBEX RECORDING FORMAT AND ADVANCED RECORDING FORMAT PLAYERS | Trust: 0.6 |
| db: | VULHUB | id: | VHN-61121 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130904-webex | Trust: 2.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1119 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1119 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/62164 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=30535 | Trust: 0.3 |
CREDITS
iDefense
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-61121 |
| db: | BID | id: | 62164 |
| db: | JVNDB | id: | JVNDB-2013-003978 |
| db: | CNNVD | id: | CNNVD-201309-017 |
| db: | NVD | id: | CVE-2013-1119 |
LAST UPDATE DATE
2024-08-14T14:14:21.339000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-61121 | date: | 2013-09-06T00:00:00 |
| db: | BID | id: | 62164 | date: | 2013-09-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-003978 | date: | 2013-09-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201309-017 | date: | 2013-09-09T00:00:00 |
| db: | NVD | id: | CVE-2013-1119 | date: | 2013-09-06T13:39:38.530 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-61121 | date: | 2013-09-06T00:00:00 |
| db: | BID | id: | 62164 | date: | 2013-09-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-003978 | date: | 2013-09-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201309-017 | date: | 2013-09-05T00:00:00 |
| db: | NVD | id: | CVE-2013-1119 | date: | 2013-09-06T11:15:37.207 |