Details of VAR-201609-0383

ID

VAR-201609-0383

CVE

CVE-2016-1464

TITLE

Cisco WebEx Meetings Player Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-004531

DESCRIPTION

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. An attacker can exploit this issue to execute arbitrary code on the affected system with privileges of the user. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCva09375. Cisco WebEx Meetings Player T29.10 is vulnerable; other versions may also be affected. The vulnerability stems from the fact that the program does not properly handle user-supplied files

Trust: 1.98

sources: NVD: CVE-2016-1464 // JVNDB: JVNDB-2016-004531 // BID: 92708 // VULHUB: VHN-90283

AFFECTED PRODUCTS

vendor:	cisco	model:	webex wrf player t29	scope:	eq	version:	sp10_base	Trust: 1.6
vendor:	cisco	model:	webex meetings	scope:	eq	version:	player t29.10	Trust: 0.8
vendor:	cisco	model:	webex meetings player t31	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings player t30	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings player t29.10	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings player t29	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings player t31r2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings player t31.5.20	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings player t30.12.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings player t29.13.112	scope:	ne	version:	-	Trust: 0.3

sources: BID: 92708 // JVNDB: JVNDB-2016-004531 // CNNVD: CNNVD-201608-539 // NVD: CVE-2016-1464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1464
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1464
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-539
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-90283
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1464
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90283
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1464
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90283 // JVNDB: JVNDB-2016-004531 // CNNVD: CNNVD-201608-539 // NVD: CVE-2016-1464

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-90283 // JVNDB: JVNDB-2016-004531 // NVD: CVE-2016-1464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-539

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201608-539

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004531

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90283

PATCH

title:	cisco-sa-20160831-meetings-player	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player	Trust: 0.8
title:	Cisco WebEx Meetings Player Fixes for remote arbitrary code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63836	Trust: 0.6

sources: JVNDB: JVNDB-2016-004531 // CNNVD: CNNVD-201608-539

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1464	Trust: 2.8
db:	BID	id:	92708	Trust: 2.0
db:	EXPLOIT-DB	id:	40508	Trust: 1.1
db:	SECTRACK	id:	1036712	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-004531	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-539	Trust: 0.7
db:	NSFOCUS	id:	34702	Trust: 0.6
db:	PACKETSTORM	id:	139134	Trust: 0.1
db:	VULHUB	id:	VHN-90283	Trust: 0.1

sources: VULHUB: VHN-90283 // BID: 92708 // JVNDB: JVNDB-2016-004531 // CNNVD: CNNVD-201608-539 // NVD: CVE-2016-1464

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-meetings-player	Trust: 2.0
url:	http://www.securityfocus.com/bid/92708	Trust: 1.7
url:	https://www.exploit-db.com/exploits/40508/	Trust: 1.1
url:	http://www.securitytracker.com/id/1036712	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1464	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1464	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/34702	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90283 // BID: 92708 // JVNDB: JVNDB-2016-004531 // CNNVD: CNNVD-201608-539 // NVD: CVE-2016-1464

CREDITS

Francis Provencher, COSIG.

Trust: 0.9

sources: BID: 92708 // CNNVD: CNNVD-201608-539

SOURCES

db:	VULHUB	id:	VHN-90283
db:	BID	id:	92708
db:	JVNDB	id:	JVNDB-2016-004531
db:	CNNVD	id:	CNNVD-201608-539
db:	NVD	id:	CVE-2016-1464

LAST UPDATE DATE

2024-11-23T21:42:46.723000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90283	date:	2017-09-03T00:00:00
db:	BID	id:	92708	date:	2016-10-26T00:18:00
db:	JVNDB	id:	JVNDB-2016-004531	date:	2016-09-07T00:00:00
db:	CNNVD	id:	CNNVD-201608-539	date:	2016-09-05T00:00:00
db:	NVD	id:	CVE-2016-1464	date:	2024-11-21T02:46:29.570

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90283	date:	2016-09-03T00:00:00
db:	BID	id:	92708	date:	2016-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2016-004531	date:	2016-09-07T00:00:00
db:	CNNVD	id:	CNNVD-201608-539	date:	2016-08-31T00:00:00
db:	NVD	id:	CVE-2016-1464	date:	2016-09-03T20:59:05.140