CVE-2019-1855 (CNNVD-201907-231)
中文标题:
Cisco Jabber for Windows 代码问题漏洞
英文标题:
Cisco Jabber for Windows DLL Preloading Vulnerability
漏洞描述
中文描述:
Cisco Jabber for Windows是美国思科(Cisco)公司的一套用于Windows平台的统一通信客户端解决方案。该方案提供了在线状态显示、即时消息、语音等功能。 Cisco Jabber for Windows 12.6(0)之前版本中的加载机制存在代码问题漏洞,该漏洞源于在运行时,程序没有充分地验证该应用程序所加载的资源。本地攻击者可借助恶意的DLL文件利用该漏洞以其他用户权限在目标设备上执行任意代码。
英文描述:
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Jabber for Windows | - | < 12.6(0) | - |
cpe:2.3:a:cisco:cisco_jabber_for_windows:*:*:*:*:*:*:*:*
|
| cisco | jabber | * | - | - |
cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.0 (cna)
HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-1855 |
2025-11-11 15:20:08 | 2025-11-11 07:35:40 |
| NVD | nvd_CVE-2019-1855 |
2025-11-11 14:56:23 | 2025-11-11 07:44:10 |
| CNNVD | cnnvd_CNNVD-201907-231 |
2025-11-11 15:10:13 | 2025-11-11 07:54:42 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 代码问题
- cnnvd_id: 未提取 -> CNNVD-201907-231
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']