Remote code execution in Cisco WebEx Meetings Player - CVE-2016-1464
Published: September 7, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU361
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2016-1464
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Cisco Systems, Inc
Affected software:
Cisco WebEx Meetings Player
Cisco WebEx Meetings Player
Detailed vulnerability description
The vulnerability allows remote attackers to execute arbitrary code on vulnerable system.
The vulnerability exists due to an error while parsing WRF files. A remote attacker can trick the victim into loading malicious WRF file using Cisco WebEx Meetings Player and execute arbitrary code on the target system.
Successful exploitation of this vulnerability will allow an attacker to compromise vulnerable system.
How to mitigate CVE-2016-1464
Cisco has released free software updates that address the vulnerability described in this advisory: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html