A security vulnerability has been discovered in the Cisco WebEx Meeting Center software package. The package lets users hold real-time meetings over the internet. The flaw occurs when a specially crafted ATP file is processed, which results in a stack buffer overflow. A remote attacker can exploit the flaw to carry out a DoS attack and run arbitrary code. No update has been released at this time, and users will be notified of any changes in due course.

Cisco WebEx Meeting Center ATF File Buffer Overflow Vulnerability

VUPEN ID 	VUPEN/ADV-2011-0260
CVE ID 	CVE-2010-3270
CWE ID 	Available in VUPEN VNS Customer Area
CVSS V2 	Available in VUPEN VNS Customer Area
Rated as 	Moderate Risk 
Impact 	Available in VUPEN VNS Customer Area
Authentication Level 	Available in VUPEN VNS Customer Area
Access Vector 	Available in VUPEN VNS Customer Area
Release Date 	2011-02-01

Technical Description

A vulnerability has been identified in Cisco WebEx Meeting Center, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error when processing a malformed ATP file, which could be exploited by attackers to crash an affected application or execute arbitrary code.

Affected Products

Cisco WebEx Meeting Center

Solution 

VUPEN Security is not aware of any vendor-supplied patch.

References

http://www.vupen.com/english/advisories/2011/0260
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=CORE-2010-1001

Credits 

Vulnerability reported by Federico Muttis, Sebastian Tello and Manuel Muradas (Core Security Technologies).

Changelog 

2011-02-01 : Initial release
