Description
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
Affected products
- Cisco / unified_callmanager3.3 – 3.3\(5\)sr2
- Cisco / unified_callmanager5.0 – 5.0
- Cisco / unified_communications_manager4.3 – 4.3\(1\)
References
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/19057
- MISChttp://www.iss.net/threats/271.html
- VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/2512
- VENDOR_ADVISORYhttp://secunia.com/advisories/26043
- MISChttp://www.securityfocus.com/bid/24868
- MISChttp://securitytracker.com/id?1018369
- MISChttp://www.osvdb.org/36121