Denial of Service Vulnerability in Cisco WebEx Network Recording Player
CVE-2017-12367

9.6CRITICAL

Key Information:

Vendor

Cisco
Status
Cisco Webex Recording Format And Advanced Recording Format Players
Vendor
CVE Published:
30 November 2017

What is CVE-2017-12367?

A vulnerability exists in Cisco WebEx Network Recording Player that allows attackers to exploit malicious Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Attackers may send these files through email or URLs, convincing users to open them. This exploitation can cause the WebEx player to crash, and in some scenarios, lead to arbitrary code execution on the user's system. Awareness and timely patching are essential for protection against this threat.

Affected Version(s)

Cisco WebEx Recording Format and Advanced Recording Format Players Cisco WebEx Recording Format and Advanced Recording Format Players

References

http://www.securityfocus.com/bid/102017
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039895
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.