Denial of service in Cisco WebEx Meetings Player - CVE-2016-1415
Published: September 7, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU362
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-1415
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Cisco Systems, Inc
Affected software:
Cisco WebEx Meetings Player
Cisco WebEx Meetings Player
Detailed vulnerability description
The vulnerability allows attackers to cause denial of service.
The vulnerability exists due to an error while parsing WRF files. A remote attacker can trick the victim into loading malicious WRF file using Cisco WebEx Meetings Player and cause application crash.
Successful exploitation of this vulnerability will allow an attacker to crash the application.
How to mitigate CVE-2016-1415
Cisco has released free software updates that address the vulnerability described in this advisory: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html