漏洞信息详情
Cisco WebEx WRF文件解析多个缓冲区溢出漏洞
- CNNVD编号:CNNVD-200912-260
- 危害等级: 超危
- CVE编号: CVE-2009-2877
- 漏洞类型: 缓冲区溢出
- 发布时间: 2009-12-18
- 威胁类型: 远程
- 更新时间: 2009-12-21
- 厂 商: cisco
- 漏洞来源: Xiaopeng ZhangZhen...
漏洞简介
Cisco WebEx WRF Player用于播放与会者在电脑上所记录的WebEx会议记录。
WRF Player中存在多个缓冲区溢出漏洞,可能导致WRF Player应用崩溃,或在某些情况下导致远程执行代码。
如果要利用这个漏洞,WRF Player必须要打开恶意的WRF文件。攻击者可通过直接向用户提供恶意的WRF文件(如通过e-mail)或诱骗用户访问恶意站点来实现。用户参加WebEx会议不会触发这个漏洞。
漏洞公告
目前厂商还没有提供此漏洞的相关补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.cisco.com/en/US/hmpgs/index.HTML
参考网址
来源: VUPEN
名称: ADV-2009-3574
链接:http://www.vupen.com/english/advisories/2009/3574
来源: BID
名称: 37352
链接:http://www.securityfocus.com/bid/37352
来源: CISCO
名称: 20091216 Multiple Cisco WebEx WRF Player Vulnerabilities
链接:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.sHTML
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewAlert.x?alertId=19499
来源: XF
名称: cisco-webex-wrf-bo(54841)
链接:http://xforce.iss.net/xforce/xfdb/54841
来源: OSVDB
名称: 61127
链接:http://www.osvdb.org/61127
来源: MISC
链接:http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.ataudio.buffer.overflow.HTML
来源: MISC
链接:http://www.fortiguard.com/advisory/FGA-2009-48.HTML
来源: SECTRACK
名称: 1023360
链接:http://securitytracker.com/id?1023360
来源: SECUNIA
名称: 37810
链接:http://secunia.com/advisories/37810
受影响实体
- Cisco Webex:26.00:Windows
- Cisco Webex:27.00:Windows
- Cisco Webex:27.00:Linux
- Cisco Webex:26.00:Linux
- Cisco Webex:26.00:Mac_os_x
补丁
暂无
评论