[email protected]CVE-2009-2876

HistoryDec 18, 2009 - 7:30 p.m.

CVE-2009-2876

2009-12-1819:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-2876

buffer overflow

cisco

webex

wrf player

denial of service

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.

Affected configurations

NVD

Node

ciscowebexMatch26.00linux

ciscowebexMatch26.00mac_os_x

ciscowebexMatch26.00windows

ciscowebexMatch27.00linux

ciscowebexMatch27.00mac_os_x

ciscowebexMatch27.00windows

CPENameOperatorVersion
cisco:webexcisco webexeq26.00
cisco:webexcisco webexeq27.00

CPE	Name	Operator	Version
cisco:webex	cisco webex	eq	26.00
cisco:webex	cisco webex	eq	27.00

References

fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html

secunia.com/advisories/37810

securitytracker.com/id?1023360

tools.cisco.com/security/center/viewAlert.x?alertId=19499

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml

www.fortiguard.com/advisory/FGA-2009-48.html

www.osvdb.org/61126

www.securityfocus.com/bid/37352

www.vupen.com/english/advisories/2009/3574

exchange.xforce.ibmcloud.com/vulnerabilities/54841

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for CVE-2009-2876

cve2 cvelist3 nvd3 prion3 seebug1 cisco1 securityvulns2