CVE-2011-3319

Related Files

Zero Day Initiative Advisory 11-341

Posted Dec 8, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-341 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within atdl2006.dll. The vulnerability is caused by lack of validation when parsing WRF files. A specially crafted WRF file will cause the application to incorrectly push a size value to a memcpy, allowing for corruption of heap memory. An attacker can leverage this vulnerability to execute arbitrary code on the target system under the context of the current user.

tags | advisory, remote, arbitrary

systems | cisco

advisories | CVE-2011-3319

SHA-256 | 5c6949e6b0eb36f74456cb25567b1e74b31591741a2cf52ed895cf5427bb2ef4

Download | Favorite | View

Cisco Security Advisory 20111026-webex

Posted Oct 26, 2011

Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, overflow, arbitrary, vulnerability

systems | cisco

advisories | CVE-2011-3319, CVE-2011-4004

SHA-256 | 93098b1c8b18a2d59ce380850b242f12efed51851a996b3df39030b3402f083e

Download | Favorite | View