CVE-2009-2876

Cisco WebEx WRF Player Remote Code Execution via Crafted WRF File

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.

References (16)

Core 16
Core References
Vendor Advisory x_refsource_misc
http://www.fortiguard.com/advisory/FGA-2009-48.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37810
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/61126
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=19499
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023360
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3574
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37352
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54841
Patch, Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml

Scores

EPSS 0.0513
EPSS Percentile 91.4%

Details

CWE
CWE-119
Status published
Products (2)
cisco/webex 26.00 (3 CPE variants)
cisco/webex 27.00 (3 CPE variants)
Published Dec 18, 2009
Tracked Since Feb 18, 2026