The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system.
Cisco WebEx is a suite of online meeting software. WebEx meetings are usually joined through a web browser link. The WebEx software is launched through use of a web browser extension. The Cisco WebEx web browser extension allows a remote attacker to execute arbitrary code on a vulnerable Windows system.
The WebEx Google Chrome extension versions older than 1.0.7 are affected.
By convincing a user to visit a specially-crafted web page, a remote attacker may be able to execute arbitrary code on a vulnerable system.
Apply an update
Disable the WebEx ActiveX control in Internet Explorer
This vulnerability was publicly reported by Tavis Ormandy.
This document was written by Will Dormann.
|Date First Published:||2017-01-27|
|Date Last Updated:||2017-01-27 18:55 UTC|