MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2017

MA-647.022017: MyCERT Advisory - Cisco WebEx Browser Extension Remote Code Execution Vulnerability
Date first published: 1/2/2017

1.0 Introduction
Cisco has released security updates to address a vulnerability in its WebEx browser extensions. 

2.0 Impact
Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

3.0 Affected Products
The following versions of the Cisco WebEx browser extensions are affected by the vulnerability:
 Versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
 Versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
 Versions prior to 10031.6.2017.0126 of the GpcContainer Class ActiveX control file on Internet Explorer

4.0 Recommendation
MyCERT highly recommended users of these applications to upgrade to the latest version of the affected products. Kindly refer to below URL for instructions on how to update the browser extension:

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Handphone: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT
Cyber999 Mobile Apps: IOS Users or Android Users

5.0 References