CVE-2009-2878
Cisco WebEx WRF Player Remote Code Execution via Crafted WRF File
Title source: llmDescription
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.
References (16)
Core 16
Core References
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
Vendor Advisory x_refsource_misc
http://www.fortiguard.com/advisory/FGA-2009-48.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37810
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/61128
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
Various Sources x_refsource_misc
http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=19499
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023360
Patch, Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3574
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37352
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54841
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml
Scores
EPSS
0.0513
EPSS Percentile
91.4%
Details
CWE
CWE-119
Status
published
Products (2)
cisco/webex
26.00 (3 CPE variants)
cisco/webex
27.00 (3 CPE variants)
Published
Dec 18, 2009
Tracked Since
Feb 18, 2026