CVE-2012-3940 - Vulnerability Details - OpenCVE

Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.03713.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco Subscribe	Webex Recording Format Player Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:cisco:webex_recording_format_player:27.11.26:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.21.10:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.25.10:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:27.32.1:::::::*
	cpe:2.3:a:cisco:webex_recording_format_player:28.0.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2012-3884	Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/86139
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex
http://www.securityfocus.com/bid/55866
http://www.securitytracker.com/id?1027639

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2012-10-25T14:00:00

Updated: 2024-08-06T20:21:04.220Z

Reserved: 2012-07-10T00:00:00

Link: CVE-2012-3940

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-10-25T14:55:03.767

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-3940

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-03-02T10:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "86139", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/86139"}, {"name": "1027639", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027639"}, {"name": "55866", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55866"}, {"name": "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-3940", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "86139", "refsource": "OSVDB", "url": "http://osvdb.org/86139"}, {"name": "1027639", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027639"}, {"name": "55866", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55866"}, {"name": "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:21:04.220Z"}, "title": "CVE Program Container", "references": [{"name": "86139", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/86139"}, {"name": "1027639", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1027639"}, {"name": "55866", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55866"}, {"name": "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-3940", "datePublished": "2012-10-25T14:00:00", "dateReserved": "2012-07-10T00:00:00", "dateUpdated": "2024-08-06T20:21:04.220Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.11.26:*:*:*:*:*:*:*", "matchCriteriaId": "5EB4D705-80E2-4502-983E-03F2D240D8BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.21.10:*:*:*:*:*:*:*", "matchCriteriaId": "DDE5BFC1-9CF2-4C31-BEAF-70E0DCF5E5FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.25.10:*:*:*:*:*:*:*", "matchCriteriaId": "4F541D65-1266-4CB4-BC4B-7EE5FF582E17", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:27.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "A98020AB-0BBB-4BE8-AAE3-DC86E42D3547", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_recording_format_player:28.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "032D67A1-FE20-44D7-BC33-BE6316A7E15A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el reproductor Cisco WebEx Recording Format (WRF) T27 anteriores a LD SP32 EP10 y T28 anterior a T28.4, permite a atacantes remotos ejecutar c\u00f3digo de su mediante un fichero WRF manipulado, tambi\u00e9n conocido como Bug ID CSCtz72958."}], "id": "CVE-2012-3940", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-10-25T14:55:03.767", "references": [{"source": "psirt@cisco.com", "url": "http://osvdb.org/86139"}, {"source": "psirt@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"}, {"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/55866"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id?1027639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/86139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55866"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027639"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}