All the vulnerabilites related to cisco - download_manager
cve-2017-3823
Vulnerability from cvelistv5
Published
2017-02-01 11:00
Modified
2024-08-05 14:39
Severity ?
Summary
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
          },
          {
            "name": "VU#909240",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/909240"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.filippo.io/webex-extension-vulnerability/"
          },
          {
            "name": "95737",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95737"
          },
          {
            "name": "1037680",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037680"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco WebEx browser extensions",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco WebEx browser extensions"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-09T13:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
        },
        {
          "name": "VU#909240",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/909240"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.filippo.io/webex-extension-vulnerability/"
        },
        {
          "name": "95737",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95737"
        },
        {
          "name": "1037680",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037680"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3823",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco WebEx browser extensions",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco WebEx browser extensions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
            },
            {
              "name": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html",
              "refsource": "MISC",
              "url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
            },
            {
              "name": "VU#909240",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/909240"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
            },
            {
              "name": "https://blog.filippo.io/webex-extension-vulnerability/",
              "refsource": "MISC",
              "url": "https://blog.filippo.io/webex-extension-vulnerability/"
            },
            {
              "name": "95737",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95737"
            },
            {
              "name": "1037680",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037680"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3823",
    "datePublished": "2017-02-01T11:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:40.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2017-02-01 11:59
Modified
2024-11-21 03:26
Summary
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/95737Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1037680
ykramarz@cisco.comhttps://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html
ykramarz@cisco.comhttps://blog.filippo.io/webex-extension-vulnerability/
ykramarz@cisco.comhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1096Technical Description, Third Party Advisory
ykramarz@cisco.comhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1100
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webexVendor Advisory
ykramarz@cisco.comhttps://www.kb.cert.org/vuls/id/909240
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95737Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037680
af854a3a-2127-422b-91ae-364da2661108https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html
af854a3a-2127-422b-91ae-364da2661108https://blog.filippo.io/webex-extension-vulnerability/
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/project-zero/issues/detail?id=1096Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webexVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/909240
Impacted products
Vendor Product Version
cisco activetouch_general_plugin_container 105
cisco download_manager 2.1.0.9
cisco gpccontainer_class *
cisco webex *
cisco webex_meetings_server 2.0_base
cisco webex_meetings_server 2.0_mr2
cisco webex_meetings_server 2.0_mr3
cisco webex_meetings_server 2.0_mr4
cisco webex_meetings_server 2.0_mr5
cisco webex_meetings_server 2.0_mr6
cisco webex_meetings_server 2.0_mr7
cisco webex_meetings_server 2.0_mr8
cisco webex_meetings_server 2.0_mr8
cisco webex_meetings_server 2.0_mr9
cisco webex_meetings_server 2.0_mr9
cisco webex_meetings_server 2.0_mr9
cisco webex_meetings_server 2.0_mr9
cisco webex_meetings_server 2.5_base
cisco webex_meetings_server 2.5_mr1
cisco webex_meetings_server 2.5_mr2
cisco webex_meetings_server 2.5_mr2
cisco webex_meetings_server 2.5_mr3
cisco webex_meetings_server 2.5_mr4
cisco webex_meetings_server 2.5_mr5
cisco webex_meetings_server 2.5_mr5
cisco webex_meetings_server 2.5_mr6
cisco webex_meetings_server 2.5_mr6
cisco webex_meetings_server 2.5_mr6
cisco webex_meetings_server 2.5_mr6
cisco webex_meetings_server 2.6_base
cisco webex_meetings_server 2.6_mr1
cisco webex_meetings_server 2.6_mr1
cisco webex_meetings_server 2.6_mr2
cisco webex_meetings_server 2.6_mr2
cisco webex_meetings_server 2.6_mr3
cisco webex_meetings_server 2.6_mr3
cisco webex_meetings_server 2.7_base
cisco webex_meetings_server 2.7_mr1
cisco webex_meetings_server 2.7_mr1
cisco webex_meetings_server 2.7_mr2
cisco webex_meeting_center 2.6_base
cisco webex_meeting_center 2.6_mr1
cisco webex_meeting_center 2.6_mr1
cisco webex_meeting_center 2.6_mr2
cisco webex_meeting_center 2.6_mr2
cisco webex_meeting_center 2.6_mr3
cisco webex_meeting_center 2.6_mr3
cisco webex_meeting_center 2.7_base
cisco webex_meeting_center 2.7_mr1
cisco webex_meeting_center 2.7_mr1
cisco webex_meeting_center 2.7_mr2
cisco webex_meeting_center t29_base
cisco webex_meeting_center t30_base
cisco webex_meeting_center t31_base



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:activetouch_general_plugin_container:105:*:*:*:*:firefox:*:*",
              "matchCriteriaId": "7C4F4E52-9923-47E0-8990-8DB3761C724F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:download_manager:2.1.0.9:*:*:*:*:internet_explorer:*:*",
              "matchCriteriaId": "8E2D077D-DB25-4D10-A4DD-7E55CD7B6050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:gpccontainer_class:*:*:*:*:*:internet_explorer:*:*",
              "matchCriteriaId": "E7F1F1F5-E057-42F2-878B-CD62E4B7D4E2",
              "versionEndIncluding": "10031.6.2017.0125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "E1B0BEA6-F4C4-4A54-AFF8-E16B4C110AED",
              "versionEndIncluding": "1.0.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B9A3E8-DD9D-451B-81A4-BADA16512845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E84A595-4A33-4FA1-AF86-DFCBECAB8D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F6DDAE-BD36-4D8D-BC48-DD229F33125A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2010E860-9DA9-4706-BEE7-7521BCBC5E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1C2055-272B-403A-9BF8-5FA8CFBC933D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr6:*:*:*:*:*:*:*",
              "matchCriteriaId": "346A7C39-AF2E-499F-B77E-0F80787D268E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr7:*:*:*:*:*:*:*",
              "matchCriteriaId": "98825256-4520-473B-AC9F-F74B9D95DD0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:*:*:*:*:*:*:*",
              "matchCriteriaId": "913EC8D3-A9A3-4FC6-B2FD-87003F985F6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "DB03D1C7-F4BA-4B0E-814F-3C43395AC928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D371C-57FF-43AD-97DB-A8FA9ADCB796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2F0B9AE4-75B8-43BC-B66B-0ABE6C21599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p2:*:*:*:*:*:*",
              "matchCriteriaId": "09EB75CC-8EBD-49D2-B986-CB83D2742A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p3:*:*:*:*:*:*",
              "matchCriteriaId": "DF450A53-1F3F-415C-90C5-E43E9A37197F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4AF5A4-1B99-43F8-A659-7C57B033F2A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F492431-5AE7-439F-81F1-B96EAD773E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC640D5-C840-4ABB-BD22-9B60BBFE8DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "3C438DB1-1761-4C1B-A6DD-AD84853C5755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEB2094F-B0E1-4129-BFD6-9FE1687B0AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B75EA6-516D-4550-B83D-E0EFDAA25208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A2A712-E8FD-460F-9A3C-3760082B8920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "EDB5ECBA-051E-4500-9B8C-82479D45164D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6F5080-355B-4A85-8DF4-D75D6A550C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CBDFC81E-CA80-4E31-B839-A98FAB4F92A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "23A09CF0-9C9B-4FBF-9AEC-285002175F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "69BC1C33-550D-405E-860B-35F301B8B2D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "21E55CCE-2B52-4865-8C63-7E6C779C20D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9881CF16-F617-48DA-8CB8-08C3D943CCD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8D743715-37BA-4169-9C91-3BD5E28694F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FFFB01B-1B4F-4072-A68C-98C538DE34ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "47B6F991-49EC-444F-8883-A57C37E8BA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9309C030-2F02-4E7E-B3E3-035B93DD1E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "A58843EB-A2C0-4034-967F-502A52DCC351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ECA8FE-D587-4692-AA90-9706E44BAC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DCD22A8-7E04-4782-AEB2-07878925A2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "FF7208EC-0255-462E-B5DE-9D5617D8C20D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "396253A5-EC5F-429B-ABF3-20CB0A56E658",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "6589E647-4E17-44A9-A6C6-483C541E4095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFFA393-E70D-41C2-BB2D-147F8A6DFBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "815D810A-003F-4D8F-B368-CC28152E60B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D63C8E-4EDE-4CAF-B7F6-9CB46AFE0664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "A5F8D5F3-ED67-469D-BBCE-A7669BF85755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B536C7-3E9A-4862-9714-3BCA1A8C6815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "56639D86-F53E-4334-A67C-D9DB2D5713E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "7288021F-83C7-49FC-9CC3-CC4B3877C412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F99CC51-B1B2-4E1A-ACA6-766EE5907139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "031E633D-2FED-4874-8D7D-4275875078FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:2.7_mr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "992973F3-E460-4AF5-B1BA-48CC61B87FCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:t29_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "D792EF72-4866-4DD9-AE59-468E49C7E31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "1515E161-06AE-4A77-BA55-B04E0ECF05B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "77A34A56-995C-456D-9F66-2D4510A8746A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Cisco WebEx Extension en versiones anteriores a 1.0.7 en Google Chrome, el ActiveTouch General Pluging Container en versiones anteriores a 106 en Mozilla Firefox, el plugin de control GpcContainer Class Active X en versiones anteriores a 2.1.0.10 en Internet Explorer. Una vulnerabilidad en las extensiones del navegador CiscoWebEx podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario con privilegios del navegador afectado en el sistema afectado. Esta vulnerabilidad afecta a las extensiones del navegador para Cisco WebEx Meetings Server y Cisco WebEx Centers (Meeting Center, Event Center, Training Center, y Support Center) cuando se ejecutan en Microsoft Windows. La vulnerabilidad es un defecto de dise\u00f1o del int\u00e9rprete de respuesta de una interfaz de programaci\u00f3n de aplicaciones (API) dentro de la extensi\u00f3n. Un atacante que pueda convencer al usuario afectado para visitar una p\u00e1gina web controlada por un hacker o a pulsar un enlace proporcionado por un atacante con un navegador afectado puede explotar la vulnerabilidad. Si tiene \u00e9xito, el atacante puede ejecutar c\u00f3digo arbitrario con los privilegios del navegador afectado."
    }
  ],
  "id": "CVE-2017-3823",
  "lastModified": "2024-11-21T03:26:11.147",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T11:59:00.133",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95737"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1037680"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://blog.filippo.io/webex-extension-vulnerability/"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://www.kb.cert.org/vuls/id/909240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://blog.filippo.io/webex-extension-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/909240"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}