Arbitrary Code Execution Vulnerability in Cisco WebEx Meetings Player
CVE-2016-1464

7.8HIGH

Key Information:

Vendor

Cisco
Status
Webex Wrf Player T29
Vendor
CVE Published:
3 September 2016

What is CVE-2016-1464?

The Cisco WebEx Meetings Player version T29.10 contains a security flaw that, when WRF file support is enabled, could allow remote attackers to execute arbitrary code through specially crafted files. This vulnerability highlights the importance of installing the latest security updates and being cautious with file handling in WebEx Meetings Player to prevent unauthorized access and potential exploitation.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1036712
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/92708
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.