Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)


Vulnerability in Cisco WebEx browser extensions
Severity Rating: High
System Affected:  
The following versions of the Cisco WebEx browser extensions are affected:
·         versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
·         versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
·         versions prior to 10031.6.2017.0127 of the GpcContainer Class ActiveX control file on Internet Explorer
 A vulnerability has been identified in Cisco WebEx browser extensions which could allow an unauthenticated, remote attacker to cause execution of arbitrary code with the privileges of the affected browser on an affected system. The vulnerability exists due to a design defect in an application programing interface (API) response parser within the plugin. Moreover, an attacker may be able to convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser.
Users are advised to apply updates.
More information is available on:
Cisco Security Advisory
Vendor Information
CVE Information
Cisco Security Advisory
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis