CVE-2009-2879

18.12.2009, 19:30

Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C
cisco	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Vendor	Product	Version
cisco	webex	26.00
cisco	webex	26.00
cisco	webex	26.00
cisco	webex	27.00
cisco	webex	27.00
cisco	webex	27.00

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://secunia.com/advisories/37810

http://securitytracker.com/id?1023360

http://tools.cisco.com/security/center/viewAlert.x?alertId=19499

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml

http://www.fortiguard.com/advisory/FGA-2009-48.html

http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html

http://www.osvdb.org/61129

http://www.securityfocus.com/bid/37352

http://www.vupen.com/english/advisories/2009/3574

https://exchange.xforce.ibmcloud.com/vulnerabilities/54841

http://secunia.com/advisories/37810

http://securitytracker.com/id?1023360

http://tools.cisco.com/security/center/viewAlert.x?alertId=19499

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml

http://www.fortiguard.com/advisory/FGA-2009-48.html

http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html

http://www.osvdb.org/61129

http://www.securityfocus.com/bid/37352

http://www.vupen.com/english/advisories/2009/3574

https://exchange.xforce.ibmcloud.com/vulnerabilities/54841