Heap-based Buffer Overflow in Cisco WebEx Recording Format Player
CVE-2014-2134

Currently unrated

Key Information:

Vendor: Cisco
Status: Webex Recording Format Player; Webex Advanced Recording Format Player
Vendor: CVE Published:; 8 May 2014

Summary

A heap-based buffer overflow vulnerability exists in the Cisco WebEx Recording Format (WRF) player, affecting certain versions prior to SP32 EP16 for T27 LD, T28 before T28.12, and T29 before T29.2. This flaw allows remote attackers to execute arbitrary code or trigger a denial of service condition by sending a specially crafted audio channel in a .wrf file. Successful exploitation can lead to memory corruption and cause the application to crash, posing a significant risk to users.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
May 8, 2014
Vulnerability Reserved
Feb 25, 2014