Skip Ribbon Commands
Skip to main content
Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2017-18


Vulnerability in Cisco WebEx browser extensions
Severity Rating: High
System Affected:  
 
The following versions of the Cisco WebEx browser extensions are affected:
·         versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
·         versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
·         versions prior to 10031.6.2017.0127 of the GpcContainer Class ActiveX control file on Internet Explorer
 
Description:
 
 A vulnerability has been identified in Cisco WebEx browser extensions which could allow an unauthenticated, remote attacker to cause execution of arbitrary code with the privileges of the affected browser on an affected system. The vulnerability exists due to a design defect in an application programing interface (API) response parser within the plugin. Moreover, an attacker may be able to convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser.
Source:
Solution
Users are advised to apply updates.
More information is available on:
Cisco Security Advisory
 
Vendor Information
Cisco
 
CVE Information
 
References
Cisco Security Advisory
 
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis