CVE-2014-2134

Опубликовано: 08 мая 2014

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:webex_advanced_recording_format_player:t27ld:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_advanced_recording_format_player:t28:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_advanced_recording_format_player:t29:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_recording_format_player:t27ld:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_recording_format_player:t28:*:*:*:*:*:*:*

cpe:2.3:a:cisco:webex_recording_format_player:t29:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02202

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-mf57-h38f-62x9

github

больше 3 лет назад