Buffer Overflow Vulnerability in Cisco WebEx Recording Player
CVE-2018-0103

7.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Webex Network Recording Player
Vendor: CVE Published:; 4 January 2018

Summary

A buffer overflow vulnerability exists in Cisco WebEx Network Recording Player when handling Advanced Recording Format (ARF) files. This security flaw enables local attackers to exploit the system by crafting malicious ARF files, which may be delivered via email attachments or links. If a victim unknowingly opens the malicious ARF file, the attacker could execute arbitrary code on the affected machine, thus compromising user data and system integrity. This issue impacts various Cisco WebEx products, including the Business Suite, Meetings sites, Meetings Server, and ARF player.

Affected Version(s)

Cisco WebEx Network Recording Player Cisco WebEx Network Recording Player

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102369

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2018
Vulnerability Reserved
Nov 27, 2017