Description
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65076
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1025015
Patch x_refsource_misc
http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516095/100/0/threaded
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0261
Patch x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=22016
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46075
Scores
EPSS
0.1141
EPSS Percentile
95.5%
Details
CWE
CWE-119
Status
published
Products (10)
cisco/webex_advanced_recording_format_player
26.49
cisco/webex_advanced_recording_format_player
27.10
cisco/webex_advanced_recording_format_player
27.11.0.3328
cisco/webex_advanced_recording_format_player
27.12
cisco/webex_advanced_recording_format_player
27.13
cisco/webex_recording_format_player
26.49
cisco/webex_recording_format_player
27.10
cisco/webex_recording_format_player
27.11.0.3328
cisco/webex_recording_format_player
27.12
cisco/webex_recording_format_player
27.13
Published
Feb 02, 2011
Tracked Since
Feb 18, 2026