Details of VAR-201405-0479

ID

VAR-201405-0479

CVE

CVE-2014-2134

TITLE

Cisco WebEx Recording Format Player Heap-based buffer overflow vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2014-002426 // CNNVD: CNNVD-201405-157

DESCRIPTION

Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. Cisco WebEx Recording Format (WRF) Player Contains a heap-based buffer overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 1.98

sources: NVD: CVE-2014-2134 // JVNDB: JVNDB-2014-002426 // BID: 67260 // VULHUB: VHN-70073

AFFECTED PRODUCTS

vendor:	cisco	model:	webex recording format player	scope:	eq	version:	t29	Trust: 1.6
vendor:	cisco	model:	webex advanced recording format player	scope:	eq	version:	t28	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	t27ld	Trust: 1.6
vendor:	cisco	model:	webex advanced recording format player	scope:	eq	version:	t29	Trust: 1.6
vendor:	cisco	model:	webex advanced recording format player	scope:	eq	version:	t27ld	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	eq	version:	t28	Trust: 1.6
vendor:	cisco	model:	webex recording format player	scope:	lt	version:	t27 ld thats all t27 ld sp32 ep16	Trust: 0.8
vendor:	cisco	model:	webex recording format player	scope:	lt	version:	t28 thats all t28.12	Trust: 0.8
vendor:	cisco	model:	webex recording format player	scope:	lt	version:	t29 thats all t29.2	Trust: 0.8

sources: JVNDB: JVNDB-2014-002426 // CNNVD: CNNVD-201405-157 // NVD: CVE-2014-2134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2134
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2134
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-157
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-70073
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2134
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70073
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70073 // JVNDB: JVNDB-2014-002426 // CNNVD: CNNVD-201405-157 // NVD: CVE-2014-2134

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-70073 // JVNDB: JVNDB-2014-002426 // NVD: CVE-2014-2134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-157

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-157

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002426

PATCH

title:	cisco-sa-20140507-webex	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex	Trust: 0.8
title:	34031	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34031	Trust: 0.8
title:	cisco-sa-20140507-webex	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122550_cisco-sa-20140507-webex-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-002426

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2134	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-002426	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-157	Trust: 0.7
db:	CISCO	id:	20140507 MULTIPLE VULNERABILITIES IN THE CISCO WEBEX RECORDING FORMAT AND ADVANCED RECORDING FORMAT PLAYERS	Trust: 0.6
db:	BID	id:	67260	Trust: 0.4
db:	VULHUB	id:	VHN-70073	Trust: 0.1

sources: VULHUB: VHN-70073 // BID: 67260 // JVNDB: JVNDB-2014-002426 // CNNVD: CNNVD-201405-157 // NVD: CVE-2014-2134

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140507-webex	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2134	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2134	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140507-webex#software	Trust: 0.3

sources: VULHUB: VHN-70073 // BID: 67260 // JVNDB: JVNDB-2014-002426 // CNNVD: CNNVD-201405-157 // NVD: CVE-2014-2134

CREDITS

iDefense

Trust: 0.3

sources: BID: 67260

SOURCES

db:	VULHUB	id:	VHN-70073
db:	BID	id:	67260
db:	JVNDB	id:	JVNDB-2014-002426
db:	CNNVD	id:	CNNVD-201405-157
db:	NVD	id:	CVE-2014-2134

LAST UPDATE DATE

2024-11-23T21:45:10.154000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70073	date:	2014-05-08T00:00:00
db:	BID	id:	67260	date:	2014-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-002426	date:	2014-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201405-157	date:	2014-05-12T00:00:00
db:	NVD	id:	CVE-2014-2134	date:	2024-11-21T02:05:43.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70073	date:	2014-05-08T00:00:00
db:	BID	id:	67260	date:	2014-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-002426	date:	2014-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201405-157	date:	2014-05-12T00:00:00
db:	NVD	id:	CVE-2014-2134	date:	2014-05-08T10:55:03.950