CVE-2010-3042 - Vulnerability Details - OpenCVE

Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Webex Advanced Recording Format Player Webex Recording Format Player

Configuration 1 [-]

OR	cpe:2.3:a:cisco:webex_recording_format_player:26.49:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.10:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.11.0.3328:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.12:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.13:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:cisco:webex_advanced_recording_format_player:26.49:::::::*
	cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.10:::::::*
	cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.0.3328:::::::*
	cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.12:::::::*
	cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.13:::::::*

No data.

References

Link	Providers
http://securitytracker.com/id?1025016
http://tools.cisco.com/security/center/viewAlert.x?alertId=22016
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml
http://www.securityfocus.com/bid/46075
https://exchange.xforce.ibmcloud.com/vulnerabilities/65073

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2011-02-02T22:00:00

Updated: 2024-08-07T02:55:46.708Z

Reserved: 2010-08-17T00:00:00

Link: CVE-2010-3042

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-02-02T23:00:31.050

Modified: 2024-11-21T01:17:55.773

Link: CVE-2010-3042

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20110201 Multiple Cisco WebEx Player Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"}, {"name": "46075", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46075"}, {"name": "1025016", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025016"}, {"name": "cisco-arf-bo(65073)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65073"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2010-3042", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20110201 Multiple Cisco WebEx Player Vulnerabilities", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"}, {"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"}, {"name": "46075", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46075"}, {"name": "1025016", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025016"}, {"name": "cisco-arf-bo(65073)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65073"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:55:46.708Z"}, "title": "CVE Program Container", "references": [{"name": "20110201 Multiple Cisco WebEx Player Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"}, {"name": "46075", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46075"}, {"name": "1025016", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025016"}, {"name": "cisco-arf-bo(65073)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65073"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2010-3042", "datePublished": "2011-02-02T22:00:00", "dateReserved": "2010-08-17T00:00:00", "dateUpdated": "2024-08-07T02:55:46.708Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:26.49:*:*:*:*:*:*:*", "matchCriteriaId": "BA595A90-DF5A-406C-ABF3-B1A77C558A7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.10:*:*:*:*:*:*:*", "matchCriteriaId": "1B242684-7692-4F50-8419-587F0DCBC376", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*", "matchCriteriaId": "176F29FD-9938-4D62-90EF-B7EEEA345B0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.12:*:*:*:*:*:*:*", "matchCriteriaId": "6D126564-E0D1-4E25-BD83-B10EF9AFBDA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.13:*:*:*:*:*:*:*", "matchCriteriaId": "F4D92FB5-277D-43B8-8200-43E1FE102BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:26.49:*:*:*:*:*:*:*", "matchCriteriaId": "34E69005-589F-48AD-8E47-14515D3B821D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.10:*:*:*:*:*:*:*", "matchCriteriaId": "D7993427-15B5-453E-B119-5D813AB7D679", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.11.0.3328:*:*:*:*:*:*:*", "matchCriteriaId": "722F62C7-106D-453A-8E1C-A7F6B495D77F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.12:*:*:*:*:*:*:*", "matchCriteriaId": "A7BAD3E5-99DA-4075-B081-4C79093A5975", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_advanced_recording_format_player:27.13:*:*:*:*:*:*:*", "matchCriteriaId": "40FC3D3B-6D9A-4C08-9E98-08215071C64C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Cisco WebEx Recording Format (WRF) y Advanced Recording Format (ARF) Players T27LB anteriores a SP21 EP3 y T27LC anteriores a SP22, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n mediante ficheros (1) .wrf or (2) .arf manipulados, es una vulnerabilidad distinta a CVE-2010-3041, CVE-2010-3043, y CVE-2010-3044."}], "id": "CVE-2010-3042", "lastModified": "2024-11-21T01:17:55.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-02-02T23:00:31.050", "references": [{"source": "ykramarz@cisco.com", "url": "http://securitytracker.com/id?1025016"}, {"source": "ykramarz@cisco.com", "tags": ["Patch"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/46075"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025016"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65073"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}