Credit:
The information has been provided by Aniway.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-341/
Vulnerable Systems:
* Cisco WebEx
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within atdl2006.dll. The vulnerability is caused by a lack of validation when parsing WRF files. A specially crafted WRF file will cause the application to incorrectly push a size value to a memcpy, allowing for corruption of heap memory. An attacker can leverage this vulnerability to execute arbitrary code on the target system under the context of the current user.
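The kind of size validation whose absence is described above, as an added C example that is not Cisco's code and not part of the original advisory. The record layout, `read_record`, `try_parse` and the sample bytes are constructed for illustration and do not reflect the real WRF format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout, NOT the real WRF format:
 * bytes 0..3 = payload length (little-endian, from the file), bytes 4.. = payload */
#define HDR_LEN 4u
#define MAX_PAYLOAD 64u /* size of the heap buffer the payload is copied into */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* Flawed pattern, for contrast only (length from the file is never checked):
 *   dst = malloc(MAX_PAYLOAD); memcpy(dst, in + HDR_LEN, rd_le32(in)); */
/* Hardened form: heap copy of the payload, or NULL if the record is malformed. */
uint8_t *read_record(const uint8_t *in, size_t in_len, size_t *out_len) {
    if (in == NULL || out_len == NULL || in_len < HDR_LEN)
        return NULL;                    /* truncated header */
    uint32_t claimed = rd_le32(in);
    if (claimed > MAX_PAYLOAD)
        return NULL;                    /* would overflow the destination */
    if (claimed > in_len - HDR_LEN)     /* cannot wrap: in_len >= HDR_LEN */
        return NULL;                    /* would read past the input */
    uint8_t *dst = malloc(MAX_PAYLOAD);
    if (dst == NULL)
        return NULL;
    memcpy(dst, in + HDR_LEN, claimed);
    *out_len = claimed;
    return dst;
}
/* Returns the accepted payload length, or -1 if the record was rejected. */
long try_parse(const uint8_t *in, size_t in_len) {
    size_t n = 0;
    uint8_t *p = read_record(in, in_len, &n);
    if (p == NULL)
        return -1;
    free(p);
    return (long)n;
}
/* Constructed sample records: valid, oversized length, length past end of input. */
static const uint8_t ok_rec[] = { 3, 0, 0, 0, 'a', 'b', 'c' };
static const uint8_t huge_rec[] = { 0xff, 0xff, 0xff, 0x7f, 'a', 'b', 'c' };
static const uint8_t short_rec[] = { 8, 0, 0, 0, 'a', 'b', 'c' };
int main(void) {
    printf("%ld %ld %ld\n", try_parse(ok_rec, sizeof ok_rec),
           try_parse(huge_rec, sizeof huge_rec), try_parse(short_rec, sizeof short_rec));
    return 0;
}
```

The length field is checked against both the destination capacity and the bytes actually remaining in the input before it reaches memcpy, so a crafted value is rejected instead of being copied.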
Patch Availability:
Cisco has issued an update to correct this vulnerability. More details can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex
CVE Information:
CVE-2011-3319
Disclosure Timeline:
2011-05-25 - Vulnerability reported to vendor
2011-12-07 - Coordinated public release of advisory