#VU362 Denial of service in Cisco WebEx Meetings Player - CVE-2016-1415
Published: September 7, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU362
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-1415
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Cisco WebEx Meetings Player
Cisco WebEx Meetings Player
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows attackers to cause denial of service.
The vulnerability exists due to an error while parsing WRF files. A remote attacker can trick the victim into loading malicious WRF file using Cisco WebEx Meetings Player and cause application crash.
Successful exploitation of this vulnerability will allow an attacker to crash the application.
Remediation
Cisco has released free software updates that address the vulnerability described in this advisory: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html