Cisco Jabber for Windows 9.x < 9.2(2) 'Send Screen Capture' File Write

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The version of Cisco Jabber for Windows on the remote host is affected
by an arbitrary file write vulnerability.

Description :

The version of Cisco Jabber for Windows installed on the remote host is
9.x prior to 9.2(2). It is, therefore, affected by an input validation
error related to the 'Send Screen Capture' functionality that could
allow a remote attacker to traverse directories, write arbitrary files
and possibly execute arbitrary code.

See also :

http://www.nessus.org/u?7ffd6b52
http://tools.cisco.com/security/center/viewAlert.x?alertId=32451

Solution :

Upgrade to Cisco Jabber for Windows 9.2(2) or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 72728 ()

Bugtraq ID: 64965

CVE ID: CVE-2014-0666