| CNNVD-ID编号 | CNNVD-201901-852 | CVE编号 | CVE-2019-1638 |
| 发布时间 | 2019-01-24 | 更新时间 | 2019-10-17 |
| 漏洞类型 | 缓冲区错误 | 漏洞来源 | Kushal Arvind Shah and Yonghui Han of Fortinet.,Zero Day Initiative,The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. |
| 危险等级 | 高危 | 威胁类型 | 本地 |
| 厂商 | N/A | ||
Cisco Webex Business Suite WBS32 sites等都是美国思科(Cisco)公司的视频会议解决方案。Cisco Webex Network Recording Player for Windows和Webex Player for Windows都是其中的基于Windwos平台的用于播放视频会议记录的播放器。
基于Windows平台的Cisco Webex Network Recording Player和Webex Player中存在缓冲区错误漏洞,该漏洞源于程序错误地验证了ARF和WRF文件。攻击者可通过链接或邮件附件发送恶意的ARF或WRF文件并诱使用户打开该文件利用该漏洞在受影响系统的上下文中执行任意代码。以下产品受到影响:Cisco Webex Business Suite WBS32 sites;Webex Business Suite WBS33 sites;Webex Meetings Online;Webex Meetings Server。
目前厂商已发布升级了Cisco Webex Network Recording Player和Webex Player for Windows 缓冲区错误漏洞的补丁,Cisco Webex Network Recording Player和Webex Player for Windows 缓冲区错误漏洞的补丁获取链接:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce
暂无
计算
安全
数据库
网络和加速
AI应用
