CVE-2016-1464
Published 2016-09-03
Priority P3 · 52 · high · 7.8 (CVSS 3.0)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 9.98% (95.0th percentile)
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | webex_meetings_player | — | — |
| cisco | webex_wrf_player_t29 | — | — |
CVSS provenance
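| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 9.3 | CRITICAL | — |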
GHSA
GHSA-2r6v-2267-cw2r: Cisco WebEx Meetings Player T29
ghsa_unreviewed·2022-05-17
CVE-2016-1464 [HIGH] CWE-20 GHSA-2r6v-2267-cw2r: Cisco WebEx Meetings Player T29
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.
Cisco
Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
vendor_cisco·2016-08-31·CVSS 9.3
CVE-2016-1464 [CRITICAL] CWE-20 Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to execute arbitrary code.
The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious WRF file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-play
Cisco
Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
vendor_cisco
CVE-2016-1464 Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
CVE-2016-1464: Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious WRF file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user. Cisco has released software updates that address this vulnerability.
CWE: CWE-20
Bug IDs: CSCva09375
No detection rules found.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player
http://www.securityfocus.com/bid/92708
http://www.securitytracker.com/id/1036712
https://www.exploit-db.com/exploits/40508/
Published: 2016-09-03