HTTP: Cisco WebEx Player ATAS32.DLL Remote Code Execution
This signature detects attempt to exploit a known vulnerability in Cisco WebEx Player. The vulnerability exists in ATAS32.DLL and is due to insufficient validation of WebEx Recording Format (WRF) files. Successful exploitation would result in execution of arbitrary code on the target host in the context of the application.
Extended Description
Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities. An attacker can exploit these issues to execute arbitrary code with the privileges of the affected application. Failed exploit attempts may result in a denial-of-service condition.
Affected Products
Cisco webex_(windows)
References
BugTraq: 50373
CVE: CVE-2011-4004
URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex
Short Name
HTTP:STC:DL:MAL-WEBEX-WRF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ATAS32.DLL CVE-2011-4004 Cisco Code Execution Player Remote WebEx bid:50373
Release Date
12/07/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Cisco
CVSS Score
9.3