漏洞信息详情
Cisco WebEx WRF文件解析多个缓冲区溢出漏洞
- CNNVD编号:CNNVD-200912-258
- 危害等级: 超危
- CVE编号: CVE-2009-2875
- 漏洞类型: 缓冲区溢出
- 发布时间: 2009-12-18
- 威胁类型: 远程
- 更新时间: 2009-12-21
- 厂 商: cisco
- 漏洞来源: Xiaopeng ZhangZhen...
漏洞简介
Cisco WebEx WRF Player用于播放与会者在电脑上所记录的WebEx会议记录。
Windows中Cisco WebEx WRF Player的atas32.dll、Mac OS X和Linux中的Cisco WebEx WRF Player存在缓冲溢出漏洞。远程攻击者可以借助特制的WebEx Recording Format (WRF)文件,导致拒绝服务(应用程序崩溃)或执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://www.cisco.com/warp/public/707/cisco-sa-20091216-webex.sHTML
参考网址
来源: VUPEN
名称: ADV-2009-3574
链接:http://www.vupen.com/english/advisories/2009/3574
来源: CISCO
名称: 20091216 Multiple Cisco WebEx WRF Player Vulnerabilities
链接:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.sHTML
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
来源: tools.cisco.com
链接:http://tools.cisco.com/security/center/viewAlert.x?alertId=19499
来源: XF
名称: cisco-webex-wrf-bo(54841)
链接:http://xforce.iss.net/xforce/xfdb/54841
来源: BID
名称: 37352
链接:http://www.securityfocus.com/bid/37352
来源: OSVDB
名称: 61125
链接:http://www.osvdb.org/61125
来源: MISC
链接:http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.dos.HTML
来源: MISC
链接:http://www.fortiguard.com/advisory/FGA-2009-48.HTML
来源: SECTRACK
名称: 1023360
链接:http://securitytracker.com/id?1023360
来源: SECUNIA
名称: 37810
链接:http://secunia.com/advisories/37810
受影响实体
- Cisco Webex:26.00:Windows
- Cisco Webex:27.00:Windows
- Cisco Webex:27.00:Linux
- Cisco Webex:26.00:Linux
- Cisco Webex:26.00:Mac_os_x
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论