ID
VAR-201609-0381
CVE
CVE-2016-1415
TITLE
Cisco WebEx Meetings Player Service disruption in (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. Cisco WebEx Meetings Player is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuz80455. Cisco WebEx Meetings Player version T29.10 is vulnerable; other versions may also be affected. The vulnerability is caused by the program not handling user-supplied files correctly
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | webex wrf player t29 | scope: | eq | version: | sp10_base | Trust: 1.6 |
| vendor: | cisco | model: | webex meetings | scope: | eq | version: | player t29.10 | Trust: 0.8 |
| vendor: | cisco | model: | webex meetings player t29.10 | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | cisco-sa-20160831-webex | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-webex | Trust: 0.8 |
| title: | Cisco WebEx Meetings Player Remediation measures for denial of service vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63832 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-1415 | Trust: 2.8 |
| db: | BID | id: | 92711 | Trust: 2.0 |
| db: | EXPLOIT-DB | id: | 40509 | Trust: 1.1 |
| db: | SECTRACK | id: | 1036713 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-004530 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201608-535 | Trust: 0.7 |
| db: | NSFOCUS | id: | 34701 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 139133 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-90234 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-webex | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/92711 | Trust: 1.7 |
| url: | https://www.exploit-db.com/exploits/40509/ | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1036713 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1415 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1415 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/34701 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Francis Provencher, COSIG.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-90234 |
| db: | BID | id: | 92711 |
| db: | JVNDB | id: | JVNDB-2016-004530 |
| db: | CNNVD | id: | CNNVD-201608-535 |
| db: | NVD | id: | CVE-2016-1415 |
LAST UPDATE DATE
2024-11-23T22:22:44.060000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-90234 | date: | 2017-09-03T00:00:00 |
| db: | BID | id: | 92711 | date: | 2016-08-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-004530 | date: | 2016-09-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201608-535 | date: | 2016-09-05T00:00:00 |
| db: | NVD | id: | CVE-2016-1415 | date: | 2024-11-21T02:46:24.187 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-90234 | date: | 2016-09-03T00:00:00 |
| db: | BID | id: | 92711 | date: | 2016-08-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-004530 | date: | 2016-09-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201608-535 | date: | 2016-08-31T00:00:00 |
| db: | NVD | id: | CVE-2016-1415 | date: | 2016-09-03T20:59:03.843 |