critical
9.3
CWE
119
Advisory Published
Updated

CVE-2017-3823: Buffer Overflow

First published: Wed Feb 01 2017(Updated: )

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Activetouch General Plugin Container=105
Cisco Download Manager=2.1.0.9
Cisco Gpccontainer Class<=10031.6.2017.0125
Cisco Webex<=1.0.6
Cisco WebEx Meetings Server=2.0_base
Cisco WebEx Meetings Server=2.0_mr2
Cisco WebEx Meetings Server=2.0_mr3
Cisco WebEx Meetings Server=2.0_mr4
Cisco WebEx Meetings Server=2.0_mr5
Cisco WebEx Meetings Server=2.0_mr6
Cisco WebEx Meetings Server=2.0_mr7
Cisco WebEx Meetings Server=2.0_mr8
Cisco WebEx Meetings Server=2.0_mr8-p1
Cisco WebEx Meetings Server=2.0_mr9
Cisco WebEx Meetings Server=2.0_mr9-p1
Cisco WebEx Meetings Server=2.0_mr9-p2
Cisco WebEx Meetings Server=2.0_mr9-p3
Cisco WebEx Meetings Server=2.5_base
Cisco WebEx Meetings Server=2.5_mr1
Cisco WebEx Meetings Server=2.5_mr2
Cisco WebEx Meetings Server=2.5_mr2-p1
Cisco WebEx Meetings Server=2.5_mr3
Cisco WebEx Meetings Server=2.5_mr4
Cisco WebEx Meetings Server=2.5_mr5
Cisco WebEx Meetings Server=2.5_mr5-p1
Cisco WebEx Meetings Server=2.5_mr6
Cisco WebEx Meetings Server=2.5_mr6-p1
Cisco WebEx Meetings Server=2.5_mr6-p2
Cisco WebEx Meetings Server=2.5_mr6-p3
Cisco WebEx Meetings Server=2.6_base
Cisco WebEx Meetings Server=2.6_mr1
Cisco WebEx Meetings Server=2.6_mr1-p1
Cisco WebEx Meetings Server=2.6_mr2
Cisco WebEx Meetings Server=2.6_mr2-p1
Cisco WebEx Meetings Server=2.6_mr3
Cisco WebEx Meetings Server=2.6_mr3-p1
Cisco WebEx Meetings Server=2.7_base
Cisco WebEx Meetings Server=2.7_mr1
Cisco WebEx Meetings Server=2.7_mr1-p1
Cisco WebEx Meetings Server=2.7_mr2
Cisco WebEx Meeting Center=2.6_base
Cisco WebEx Meeting Center=2.6_mr1
Cisco WebEx Meeting Center=2.6_mr1-p1
Cisco WebEx Meeting Center=2.6_mr2
Cisco WebEx Meeting Center=2.6_mr2-p1
Cisco WebEx Meeting Center=2.6_mr3
Cisco WebEx Meeting Center=2.6_mr3-p1
Cisco WebEx Meeting Center=2.7_base
Cisco WebEx Meeting Center=2.7_mr1
Cisco WebEx Meeting Center=2.7_mr1-p1
Cisco WebEx Meeting Center=2.7_mr2
Cisco WebEx Meeting Center=t29_base
Cisco WebEx Meeting Center=t30_base
Cisco WebEx Meeting Center=t31_base

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203