CVE-2017-12370

Description

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850.

References

Link	Tags
http://www.securityfocus.com/bid/102017	third party advisory vdb entry
http://www.securitytracker.com/id/1039895	third party advisory vdb entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2017-12370?: CVE-2017-12370 has been scored as a critical severity vulnerability.
How to fix CVE-2017-12370?: To fix CVE-2017-12370, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-12370 being actively exploited in the wild?: It is possible that CVE-2017-12370 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-12370?: CVE-2017-12370 affects n/a Cisco WebEx Recording Format and Advanced Recording Format Players.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions