Signature Detail
Short Name |
HTTP:STC:DL:WEBEX-RECORD-ATAS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Cisco WebEx Recording Format Player atas32.dll Integer Overflow |
Release Date |
2012/05/29 |
Update Number |
2142 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Cisco WebEx Recording Format Player atas32.dll Integer Overflow
A code execution vulnerability exists in Cisco WebEx Recording Format (WRF) Player. This vulnerability is due to an integer overflow leading to a heap buffer overflow when processing WRF files. A remote unauthenticated attacker can leverage this vulnerability by crafting a WRF file and enticing the target user to view the malicious file. Successful exploitation would result in execution of arbitrary code on the target host in the context of the currently logged on user.
Extended Description
Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Affected Products
- Cisco WebEx (Linux) T27 LB SP21 EP10
- Cisco WebEx (Linux) T27 LC SP25 EP9
- Cisco WebEx (Linux) T27 LD SP32
- Cisco WebEx (Linux) T27 L SP11 EP26
- Cisco WebEx (Mac OS X) T27 LB SP21 EP10
- Cisco WebEx (Mac OS X) T27 LC SP25 EP9
- Cisco WebEx (Mac OS X) T27 LD SP32
- Cisco WebEx (Mac OS X) T27 L SP11 EP26
- Cisco WebEx (Windows) T27 LB SP21 EP10
- Cisco WebEx (Windows) T27 LC SP25 EP9
- Cisco WebEx (Windows) T27 LD SP32
- Cisco WebEx (Windows) T27 L SP11 EP26
References
- BugTraq: 52882
- CVE: CVE-2012-1336