Cisco Jabber for Windows 9.x < 9.2(2) 'Send Screen Capture' File Write

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The version of Cisco Jabber for Windows on the remote host is affected
by an arbitrary file write vulnerability.

Description :

The version of Cisco Jabber for Windows installed on the remote host is
9.x prior to 9.2(2). It is, therefore, affected by an input validation
error related to the 'Send Screen Capture' functionality that could
allow a remote attacker to traverse directories, write arbitrary files
and possibly execute arbitrary code.

See also :

Solution :

Upgrade to Cisco Jabber for Windows 9.2(2) or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 72728 ()

Bugtraq ID: 64965

CVE ID: CVE-2014-0666

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now