HTTP: Cisco WebEx Recording Format Player atas32.dll Integer Overflow

A code execution vulnerability exists in Cisco WebEx Recording Format (WRF) Player. The vulnerability is due to an integer overflow that leads to a heap buffer overflow when processing WRF files. A remote unauthenticated attacker can leverage this vulnerability by crafting a WRF file and enticing the target user to view the malicious file. Successful exploitation would result in execution of arbitrary code on the target host in the context of the currently logged-on user.

Extended Description

Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Affected Products

Cisco webex_(windows)

References

BugTraq: 52882

CVE: CVE-2012-1336

Short Name: HTTP:STC:DL:WEBEX-RECORD-ATAS

Severity: Major

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: CVE-2012-1336 Cisco Format Integer Overflow Player Recording WebEx atas32.dll bid:52882

Release Date: 05/29/2012

Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version: 3336

False Positive: Unknown

Vendors

Cisco

CVSS Score

9.3
