CVE-2009-2877: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Webex

Severity: 9.3 CRITICAL (NVD)
EPSS: 2.5% (top 14.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 18
Latest update: May 2

Description

Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: cisco/webex 26.00, 27.00 +1

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-vrjm-hxm2-f263: Stack-based buffer overflow in ataudio (2022-05-02)
CVEList: CVE-2009-2877: Stack-based buffer overflow in ataudio (2009-12-18)

📋 Vendor Advisories (1)

Cisco: Multiple Cisco WebEx WRF Player Vulnerabilities (2009-12-16)