SB2016090701 - Two vulnerabilities in Cisco WebEx Meetings Player




Published: September 7, 2016

Security Bulletin ID: SB2016090701
Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Low: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Denial of service (CVE-ID: CVE-2016-1415)

The vulnerability allows attackers to cause a denial of service.

The vulnerability exists due to an error while parsing WRF files. A remote attacker can trick the victim into loading a malicious WRF file in Cisco WebEx Meetings Player and cause the application to crash.

Successful exploitation of this vulnerability will allow an attacker to crash the application.


2) Remote code execution (CVE-ID: CVE-2016-1464)

The vulnerability allows remote attackers to execute arbitrary code on a vulnerable system.

The vulnerability exists due to an error while parsing WRF files. A remote attacker can trick the victim into loading a malicious WRF file in Cisco WebEx Meetings Player and execute arbitrary code on the target system.

Successful exploitation of this vulnerability will allow an attacker to compromise the vulnerable system.


Remediation

Install the update from the vendor's website.
