CVE-2009-2879Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Webex

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
2.5%
top 14.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex
Timeline
PublishedDec 18
Latest updateMay 2

Description

Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDcisco/webex26.00, 27.00+1

Patches

Patch: tools.cisco.comPatch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-5v9w-r7h8-v3f2: Heap-based buffer overflow in atas322022-05-02
CVEList
CVE-2009-2879: Heap-based buffer overflow in atas322009-12-18

📋Vendor Advisories

1
Cisco
Multiple Cisco WebEx WRF Player Vulnerabilities2009-12-16
CVE-2009-2879 — Cisco Webex vulnerability | cvebase