CVE-2009-2876: Buffer Overflow
First published: Fri Dec 18 2009(Updated: )
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Platform | =26.00 | |
| Cisco Webex Platform | =27.00 | |
| Cisco Webex Platform | =27.00 | |
| Cisco Webex Platform | =26.00 | |
| Cisco Webex Platform | =26.00 | |
| Cisco Webex Platform | =27.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-012-cisco.html
- http://secunia.com/advisories/37810
- http://securitytracker.com/id?1023360
- http://tools.cisco.com/security/center/viewAlert.x?alertId=19499
- http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
- http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
- http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
- http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
- http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
- http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml
- http://www.fortiguard.com/advisory/FGA-2009-48.html
- http://www.osvdb.org/61126
- http://www.securityfocus.com/bid/37352
- http://www.vupen.com/english/advisories/2009/3574
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54841
Frequently Asked Questions
What is the severity of CVE-2009-2876?
CVE-2009-2876 is classified as a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary code on affected systems.
How do I fix CVE-2009-2876?
To fix CVE-2009-2876, update the Cisco WebEx WRF Player to version 26.49.32 or later for 26.x versions, or to version 27.10.x or later for 27.x versions.
What software is affected by CVE-2009-2876?
CVE-2009-2876 affects Cisco WebEx WRF Player versions 26.x prior to 26.49.32 and 27.x prior to 27.10.x on Windows, Linux, and Mac OS X.
What type of attack can CVE-2009-2876 facilitate?
CVE-2009-2876 can facilitate remote code execution attacks, allowing attackers to run arbitrary code on vulnerable systems.
Is there a workaround for CVE-2009-2876?
There are no known workarounds for CVE-2009-2876, thus upgrading to a patched version is the advised mitigation.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco webex platform
- version/cisco webex platform/26.00
- version/cisco webex platform/27.00