All the vulnerabilites related to cisco - activetouch_general_plugin_container
cve-2017-3823
Vulnerability from cvelistv5
Published
2017-02-01 11:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 | x_refsource_MISC | |
| https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/909240 | third-party-advisory, x_refsource_CERT-VN | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex | x_refsource_CONFIRM | |
| https://blog.filippo.io/webex-extension-vulnerability/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95737 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037680 | vdb-entry, x_refsource_SECTRACK | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco WebEx browser extensions |
Version: Cisco WebEx browser extensions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037680"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx browser extensions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx browser extensions"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037680"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx browser extensions",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx browser extensions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"name": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"name": "https://blog.filippo.io/webex-extension-vulnerability/",
"refsource": "MISC",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-3823",
"datePublished": "2017-02-01T11:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:40.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-02-01 11:59
Modified
2024-11-21 03:26
Severity ?
Summary
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:activetouch_general_plugin_container:105:*:*:*:*:firefox:*:*",
"matchCriteriaId": "7C4F4E52-9923-47E0-8990-8DB3761C724F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:download_manager:2.1.0.9:*:*:*:*:internet_explorer:*:*",
"matchCriteriaId": "8E2D077D-DB25-4D10-A4DD-7E55CD7B6050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:gpccontainer_class:*:*:*:*:*:internet_explorer:*:*",
"matchCriteriaId": "E7F1F1F5-E057-42F2-878B-CD62E4B7D4E2",
"versionEndIncluding": "10031.6.2017.0125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex:*:*:*:*:*:chrome:*:*",
"matchCriteriaId": "E1B0BEA6-F4C4-4A54-AFF8-E16B4C110AED",
"versionEndIncluding": "1.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "80B9A3E8-DD9D-451B-81A4-BADA16512845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E84A595-4A33-4FA1-AF86-DFCBECAB8D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "56F6DDAE-BD36-4D8D-BC48-DD229F33125A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "2010E860-9DA9-4706-BEE7-7521BCBC5E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1C2055-272B-403A-9BF8-5FA8CFBC933D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "346A7C39-AF2E-499F-B77E-0F80787D268E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr7:*:*:*:*:*:*:*",
"matchCriteriaId": "98825256-4520-473B-AC9F-F74B9D95DD0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:*:*:*:*:*:*:*",
"matchCriteriaId": "913EC8D3-A9A3-4FC6-B2FD-87003F985F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:p1:*:*:*:*:*:*",
"matchCriteriaId": "DB03D1C7-F4BA-4B0E-814F-3C43395AC928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:*:*:*:*:*:*:*",
"matchCriteriaId": "339D371C-57FF-43AD-97DB-A8FA9ADCB796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p1:*:*:*:*:*:*",
"matchCriteriaId": "2F0B9AE4-75B8-43BC-B66B-0ABE6C21599F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p2:*:*:*:*:*:*",
"matchCriteriaId": "09EB75CC-8EBD-49D2-B986-CB83D2742A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p3:*:*:*:*:*:*",
"matchCriteriaId": "DF450A53-1F3F-415C-90C5-E43E9A37197F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4AF5A4-1B99-43F8-A659-7C57B033F2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F492431-5AE7-439F-81F1-B96EAD773E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC640D5-C840-4ABB-BD22-9B60BBFE8DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "3C438DB1-1761-4C1B-A6DD-AD84853C5755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB2094F-B0E1-4129-BFD6-9FE1687B0AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "16B75EA6-516D-4550-B83D-E0EFDAA25208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "48A2A712-E8FD-460F-9A3C-3760082B8920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:p1:*:*:*:*:*:*",
"matchCriteriaId": "EDB5ECBA-051E-4500-9B8C-82479D45164D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "8F6F5080-355B-4A85-8DF4-D75D6A550C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p1:*:*:*:*:*:*",
"matchCriteriaId": "CBDFC81E-CA80-4E31-B839-A98FAB4F92A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p2:*:*:*:*:*:*",
"matchCriteriaId": "23A09CF0-9C9B-4FBF-9AEC-285002175F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p3:*:*:*:*:*:*",
"matchCriteriaId": "69BC1C33-550D-405E-860B-35F301B8B2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_base:*:*:*:*:*:*:*",
"matchCriteriaId": "21E55CCE-2B52-4865-8C63-7E6C779C20D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "9881CF16-F617-48DA-8CB8-08C3D943CCD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "8D743715-37BA-4169-9C91-3BD5E28694F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFFB01B-1B4F-4072-A68C-98C538DE34ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "47B6F991-49EC-444F-8883-A57C37E8BA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "9309C030-2F02-4E7E-B3E3-035B93DD1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:p1:*:*:*:*:*:*",
"matchCriteriaId": "A58843EB-A2C0-4034-967F-502A52DCC351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*",
"matchCriteriaId": "30ECA8FE-D587-4692-AA90-9706E44BAC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCD22A8-7E04-4782-AEB2-07878925A2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "FF7208EC-0255-462E-B5DE-9D5617D8C20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "396253A5-EC5F-429B-ABF3-20CB0A56E658",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_base:*:*:*:*:*:*:*",
"matchCriteriaId": "6589E647-4E17-44A9-A6C6-483C541E4095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFFA393-E70D-41C2-BB2D-147F8A6DFBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "815D810A-003F-4D8F-B368-CC28152E60B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "28D63C8E-4EDE-4CAF-B7F6-9CB46AFE0664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:p1:*:*:*:*:*:*",
"matchCriteriaId": "A5F8D5F3-ED67-469D-BBCE-A7669BF85755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "85B536C7-3E9A-4862-9714-3BCA1A8C6815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:p1:*:*:*:*:*:*",
"matchCriteriaId": "56639D86-F53E-4334-A67C-D9DB2D5713E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_base:*:*:*:*:*:*:*",
"matchCriteriaId": "7288021F-83C7-49FC-9CC3-CC4B3877C412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F99CC51-B1B2-4E1A-ACA6-766EE5907139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:p1:*:*:*:*:*:*",
"matchCriteriaId": "031E633D-2FED-4874-8D7D-4275875078FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "992973F3-E460-4AF5-B1BA-48CC61B87FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t29_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D792EF72-4866-4DD9-AE59-468E49C7E31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "1515E161-06AE-4A77-BA55-B04E0ECF05B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "77A34A56-995C-456D-9F66-2D4510A8746A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Cisco WebEx Extension en versiones anteriores a 1.0.7 en Google Chrome, el ActiveTouch General Pluging Container en versiones anteriores a 106 en Mozilla Firefox, el plugin de control GpcContainer Class Active X en versiones anteriores a 2.1.0.10 en Internet Explorer. Una vulnerabilidad en las extensiones del navegador CiscoWebEx podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario con privilegios del navegador afectado en el sistema afectado. Esta vulnerabilidad afecta a las extensiones del navegador para Cisco WebEx Meetings Server y Cisco WebEx Centers (Meeting Center, Event Center, Training Center, y Support Center) cuando se ejecutan en Microsoft Windows. La vulnerabilidad es un defecto de dise\u00f1o del int\u00e9rprete de respuesta de una interfaz de programaci\u00f3n de aplicaciones (API) dentro de la extensi\u00f3n. Un atacante que pueda convencer al usuario afectado para visitar una p\u00e1gina web controlada por un hacker o a pulsar un enlace proporcionado por un atacante con un navegador afectado puede explotar la vulnerabilidad. Si tiene \u00e9xito, el atacante puede ejecutar c\u00f3digo arbitrario con los privilegios del navegador afectado."
}
],
"id": "CVE-2017-3823",
"lastModified": "2024-11-21T03:26:11.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T11:59:00.133",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"source": "ykramarz@cisco.com",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"source": "ykramarz@cisco.com",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"source": "ykramarz@cisco.com",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"source": "ykramarz@cisco.com",
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/909240"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}