Buffer Overflow in Cisco WebEx Recording Format Player Affects Multiple Versions
CVE-2012-3938

Currently unrated

Key Information:

Vendor: Cisco
Status: Webex Recording Format Player
Vendor: CVE Published:; 25 October 2012

Summary

The Cisco WebEx Recording Format (WRF) player is vulnerable to a buffer overflow that can be exploited by remote attackers. By crafting a malicious WRF file and tricking a user into opening it, an attacker could execute arbitrary code on the affected system. This exploit targets versions T27 before LD SP32 EP10 and T28 before T28.4. Users are advised to apply security updates and exercise caution when handling untrusted WRF files.

References

http://osvdb.org/86143

vdb-entryx_refsource_OSVDB

http://www.securitytracker.com/id?1027639

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/55866

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 25, 2012
Vulnerability Reserved
Jul 10, 2012