#VU361 Remote code execution in Cisco WebEx Meetings Player - CVE-2016-1464
Published: September 7, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU361
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2016-1464
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Cisco WebEx Meetings Player
Cisco WebEx Meetings Player
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows remote attackers to execute arbitrary code on vulnerable system.
The vulnerability exists due to an error while parsing WRF files. A remote attacker can trick the victim into loading malicious WRF file using Cisco WebEx Meetings Player and execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow an attacker to compromise vulnerable system.
Remediation
Cisco has released free software updates that address the vulnerability described in this advisory: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html