CVE-2009-2880: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Webex

Severity
9.3 CRITICAL (NVD)
EPSS
2.5%
top 14.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 18
Latest update: May 2

Description

Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: cisco/webex 26.00, 27.00 +1

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-7w7r-692f-6f39: Buffer overflow in atrpui (2022-05-02)
CVEList
CVE-2009-2880: Buffer overflow in atrpui (2009-12-18)

💥 Exploits & PoCs (1)

Exploit-DB
BlazeVideo HDTV Player 6.6 Professional - Universal ASLR + DEP Bypass (2011-10-07)

📋 Vendor Advisories (1)

Cisco
Multiple Cisco WebEx WRF Player Vulnerabilities (2009-12-16)