CVE-2021-1526

June 21, 2021

A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

Summary:

A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

Reference Links(if available):

  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    ransomhouse 1

    RansomHouse Ransomware Victim: STERCH – INTERNATIONAL s[.]r[.]o[.]

    April 24, 2024
    ransomhouse 1

    RansomHouse Ransomware Victim: Bank Pembangunan Daerah Banten Tbk PT

    April 24, 2024
    BianLian

    BianLian Ransomware Victim: defi SOLUTIONS[.]

    April 24, 2024
    CISA Logo

    CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

    April 24, 2024
    CISA Logo

    CISA: Joint Guidance on Deploying AI Systems Securely

    April 24, 2024