Sign-up

ID

VAR-201405-0480


CVE

CVE-2014-2135


TITLE

Cisco Advanced Recording Format Player Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2014-002427

DESCRIPTION

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603. An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user. This issue is being tracked by Cisco Bug IDs CSCul87216, CSCuj07603

Trust: 1.98

sources: NVD: CVE-2014-2135 // JVNDB: JVNDB-2014-002427 // BID: 67262 // VULHUB: VHN-70074

AFFECTED PRODUCTS

vendor:ciscomodel:webex recording format playerscope:eqversion:t29

Trust: 1.6

vendor:ciscomodel:webex advanced recording format playerscope:eqversion:t28

Trust: 1.6

vendor:ciscomodel:webex recording format playerscope:eqversion:t27ld

Trust: 1.6

vendor:ciscomodel:webex advanced recording format playerscope:eqversion:t29

Trust: 1.6

vendor:ciscomodel:webex advanced recording format playerscope:eqversion:t27ld

Trust: 1.6

vendor:ciscomodel:webex recording format playerscope:eqversion:t28

Trust: 1.6

vendor:ciscomodel:webex advanced recording format playerscope:ltversion:t27 ld thats all t27 ld sp32 ep16

Trust: 0.8

vendor:ciscomodel:webex advanced recording format playerscope:ltversion:t28 thats all t28.12

Trust: 0.8

vendor:ciscomodel:webex advanced recording format playerscope:ltversion:t29 thats all t29.2

Trust: 0.8

sources: JVNDB: JVNDB-2014-002427 // CNNVD: CNNVD-201405-158 // NVD: CVE-2014-2135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2135
value: HIGH

Trust: 1.0

NVD: CVE-2014-2135
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201405-158
value: CRITICAL

Trust: 0.6

VULHUB: VHN-70074
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2135
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70074
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70074 // JVNDB: JVNDB-2014-002427 // CNNVD: CNNVD-201405-158 // NVD: CVE-2014-2135

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-70074 // JVNDB: JVNDB-2014-002427 // NVD: CVE-2014-2135

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-158

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-158

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002427

PATCH
title:cisco-sa-20140507-webexurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex
Trust: 0.8
title:34032url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34032
Trust: 0.8
title:cisco-sa-20140507-webexurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122550_cisco-sa-20140507-webex-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002427

EXTERNAL IDS
db:NVDid:CVE-2014-2135
Trust: 2.8
db:JVNDBid:JVNDB-2014-002427
Trust: 0.8
db:CNNVDid:CNNVD-201405-158
Trust: 0.7
db:CISCOid:20140507 MULTIPLE VULNERABILITIES IN THE CISCO WEBEX RECORDING FORMAT AND ADVANCED RECORDING FORMAT PLAYERS
Trust: 0.6
db:BIDid:67262
Trust: 0.4
db:VULHUBid:VHN-70074
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70074 // 
            
            
            
            BID: 67262 // 
            
            
            
            JVNDB: JVNDB-2014-002427 // 
            
            
            
            CNNVD: CNNVD-201405-158 // 
            
            
            
            NVD: CVE-2014-2135

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140507-webex
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2135
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2135
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70074 // 
            
            
            
            BID: 67262 // 
            
            
            
            JVNDB: JVNDB-2014-002427 // 
            
            
            
            CNNVD: CNNVD-201405-158 // 
            
            
            
            NVD: CVE-2014-2135

CREDITS
Microsoft Vulnerability Research (MSVR) team
Trust: 0.3
sources:
            
            
            BID: 67262

SOURCES
db:VULHUBid:VHN-70074
db:BIDid:67262
db:JVNDBid:JVNDB-2014-002427
db:CNNVDid:CNNVD-201405-158
db:NVDid:CVE-2014-2135

LAST UPDATE DATE
2024-11-23T21:45:10.059000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70074date:2014-05-08T00:00:00
db:BIDid:67262date:2014-05-07T00:00:00
db:JVNDBid:JVNDB-2014-002427date:2014-05-09T00:00:00
db:CNNVDid:CNNVD-201405-158date:2014-05-12T00:00:00
db:NVDid:CVE-2014-2135date:2024-11-21T02:05:43.177

SOURCES RELEASE DATE
db:VULHUBid:VHN-70074date:2014-05-08T00:00:00
db:BIDid:67262date:2014-05-07T00:00:00
db:JVNDBid:JVNDB-2014-002427date:2014-05-09T00:00:00
db:CNNVDid:CNNVD-201405-158date:2014-05-12T00:00:00
db:NVDid:CVE-2014-2135date:2014-05-08T10:55:04.073