CVE-2010-3269: Buffer Overflow
First published: Wed Feb 02 2011(Updated: )
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Player | =27.10 | |
| Cisco Webex Player | =26.49 | |
| Cisco Webex Player | =27.13 | |
| Cisco Webex Player | =27.12 | |
| Cisco Webex Player | =27.11.0.3328 | |
| Cisco WebEx WRF Player | =27.11.0.3328 | |
| Cisco WebEx WRF Player | =26.49 | |
| Cisco WebEx WRF Player | =27.12 | |
| Cisco WebEx WRF Player | =27.10 | |
| Cisco WebEx WRF Player | =27.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1025015
- http://www.vupen.com/english/advisories/2011/0261
- http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml
- http://tools.cisco.com/security/center/viewAlert.x?alertId=22016
- http://www.securityfocus.com/bid/46075
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65076
- http://www.securityfocus.com/archive/1/516095/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-3269?
CVE-2010-3269 has been classified as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2010-3269?
To mitigate CVE-2010-3269, users should upgrade to the latest version of the Cisco WebEx Recording Format Player that is not affected by this vulnerability.
What impact does CVE-2010-3269 have on affected applications?
CVE-2010-3269 can lead to arbitrary code execution when a user opens a malformed .wrf or .arf file in the vulnerable player.
Which versions of Cisco software are affected by CVE-2010-3269?
CVE-2010-3269 affects various versions of the Cisco WebEx Recording Format Player including versions before SP21 EP3 for T27LB and before SP22 for T27LC.
Can CVE-2010-3269 be exploited remotely?
Yes, CVE-2010-3269 can be exploited remotely by an attacker through specially crafted WRF or ARF files.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco webex player
- version/cisco webex player/27.10
- version/cisco webex player/26.49
- version/cisco webex player/27.13
- version/cisco webex player/27.12
- version/cisco webex player/27.11.0.3328
- canonical/cisco webex wrf player
- version/cisco webex wrf player/27.11.0.3328
- version/cisco webex wrf player/26.49
- version/cisco webex wrf player/27.12
- version/cisco webex wrf player/27.10
- version/cisco webex wrf player/27.13