An issue exists in the Cisco WebEx Extension prior to 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container prior to 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin prior to 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin prior to 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote malicious user to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programming interface (API) response parser within the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.

Vulnerable Product |
---|
cisco activetouch general plugin container 105 |
cisco webex |
cisco download manager 2.1.0.9 |
cisco gpccontainer class |
cisco webex meetings server 2.0_mr7 |
cisco webex meetings server 2.0_mr8 |
cisco webex meetings server 2.5_mr1 |
cisco webex meetings server 2.5_mr2 |
cisco webex meetings server 2.5_mr6 |
cisco webex meetings server 2.6_mr3 |
cisco webex meetings server 2.7_base |
cisco webex meetings server 2.0_base |
cisco webex meetings server 2.0_mr2 |
cisco webex meetings server 2.0_mr9 |
cisco webex meetings server 2.5_mr3 |
cisco webex meetings server 2.6_base |
cisco webex meetings server 2.6_mr1 |
cisco webex meetings server 2.7_mr1 |
cisco webex meetings server 2.0_mr5 |
cisco webex meetings server 2.0_mr6 |
cisco webex meetings server 2.5_base |
cisco webex meetings server 2.5_mr5 |
cisco webex meetings server 2.6_mr2 |
cisco webex meetings server 2.0_mr3 |
cisco webex meetings server 2.0_mr4 |
cisco webex meetings server 2.5_mr4 |
cisco webex meetings server 2.7_mr2 |
cisco webex meeting center t31_base |
cisco webex meeting center 2.6_base |
cisco webex meeting center 2.7_mr1 |
cisco webex meeting center 2.6_mr1 |
cisco webex meeting center 2.7_mr2 |
cisco webex meeting center t29_base |
cisco webex meeting center t30_base |
cisco webex meeting center 2.6_mr3 |
cisco webex meeting center 2.7_base |
cisco webex meeting center 2.6_mr2 |

A quick summary of infosec news to start your week
Roundup Last week we saw someone admit hoarding NSA documents, a Huawei patch bungle, and an axe looming for DXC security employees. Now, here's some extra bits and bytes to start this week and month. If you're running a server hosting VMware's Service Provider portal, you will want to make sure all your software is up to date immediately. That's because the virtualization giant recently put out an advisory for a remote hijacking bug. "VMware vCloud Director for Service Providers update resolves...
Unpatched browser, plug-in bugs targeted by and with 'Disdain' kit
WebEx on Firefox is among the targets of a new exploit kit that's started circulating on Russian nastyware exchanges. The Disdain-based exploit kit is described here by security services outfit IntSights, which says the exploit kit is offered by someone using the handle "Cehceny". David Montenegro (@CryptoInsane) says Disdain is a copy-paste of the open source BEPS exploit kit. IntSights says the kit includes: Disdain is rented on a daily, weekly, or monthly basis at US$80, $500, and $1,400 resp...