PT-2017-3517 · Activetouch+2 · Activetouch General Plugin Container+4

Tavis Ormandy · Published 2017-01-21 · Updated 2017-10-10 · CVE-2017-3823

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco WebEx Extension versions prior to 1.0.7
ActiveTouch General Plugin Container versions prior to 106
GpcContainer Class ActiveX control plugin versions prior to 10031.6.2017.0126
Download Manager ActiveX control plugin versions prior to 2.1.0.10

Description

A design defect in an application programming interface (API) response parser within the Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. The vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers when they are running on Microsoft Windows. An attacker could exploit the vulnerability by convincing an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.

Recommendations

For Cisco WebEx Extension versions prior to 1.0.7, update to version 1.0.7 or later.
For ActiveTouch General Plugin Container versions prior to 106, update to version 106 or later.
For GpcContainer Class ActiveX control plugin versions prior to 10031.6.2017.0126, update to version 10031.6.2017.0126 or later.
For Download Manager ActiveX control plugin versions prior to 2.1.0.10, update to version 2.1.0.10 or later.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2018-00377
CVE-2017-3823

Affected Products

Activetouch General Plugin Container
Cisco Webex Extension
Download Manager Activex Control Plugin
Gpccontainer Class Activex Control Plugin
Windows