CVE-2017-12368

Description

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve10584, CSCve10591, CSCve11503, CSCve10658, CSCve11507, CSCve10749, CSCve10744, CSCve11532, CSCve10762, CSCve10764, CSCve11538.

References

Link	Tags
http://www.securityfocus.com/bid/102017	vdb entry third party advisory
http://www.securitytracker.com/id/1039895	vdb entry third party advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2017-12368?: CVE-2017-12368 has been scored as a critical severity vulnerability.
How to fix CVE-2017-12368?: To fix CVE-2017-12368, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-12368 being actively exploited in the wild?: It is possible that CVE-2017-12368 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-12368?: CVE-2017-12368 affects n/a Cisco WebEx Recording Format and Advanced Recording Format Players.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions