MyCERT Advisories, Alerts and Summaries for the year 2017
MA-647.022017: MyCERT Advisory - Cisco WebEx Browser Extension Remote Code Execution Vulnerability
Date first published: 1/2/2017
Cisco has released security updates to address a vulnerability in its WebEx browser extensions.
Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
3.0 Affected Products
The following versions of the Cisco WebEx browser extensions are affected by the vulnerability:
• Versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
• Versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
• Versions prior to 10031.6.2017.0126 of the GpcContainer Class ActiveX control file on Internet Explorer
MyCERT highly recommended users of these applications to upgrade to the latest version of the affected products. Kindly refer to below URL for instructions on how to update the browser extension:
Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Handphone: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT