The WebEx Google Chrome extension versions older than.0.7 are affected.
The version of the plugin depends on the version of Cisco WebEx that provided the update.
Solution, apply an update, cisco has addressed this vulnerability in the Chrome web browser extension version.0.7.
Chrome users can ensure they are using the fixed version of the Cisco WebEx Extension for Google Chrome by doing the following: In Chrome, open the, settings page.Both Google and Mozilla have restored the WebEx extension after temporarily removing it from their web stores.Alternatively, the following text can be saved.REG file and imported to set the kill bit for this control: Windows Registry Editor Version.00, ExplorerActiveX "Compatibility Flags"dword:00000400, ExplorerActiveX "Compatibility Flags"dword:00000400.Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.This may help prevent a "drive-by download" attack without user interaction on Firefox.In most cases this will be a maintenance upgrade to software that was previously purchased.The registered name of the plugin in Internet Explorer may differ based on the installation method used for the plugin.Exploit code for the Google Chrome extension is publicly available.Note, however, that per-site ActiveX in Internet Explorer occurs on the domain level, rather than the subdomain level.Select either, download Manager or, gpcContainer Class hack wireless password 2013 add-on under, cisco WebEx LLC, validate that the Download Manager Version or GpcContainer Class Version shows as or later, or one of the versions strings in the following table: The version number is displayed at the bottom.The WebEx Internet Explorer GpcContainer ActiveX control version and earlier are reported to be affected.Cvss Metrics learn More group, score.The following releases of Cisco WebEx Meetings Server have been updated to address this vulnerability: WebEx Meetings Server.5MR6 Patch 4 WebEx Meetings Server.6MR3 Patch 2 WebEx Meetings Server.7MR2 Patch 1 Cisco WebEx Meetings Server client packages will be available as part.
If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Cisco pointed out that the security hole does not affect Microsofts Edge browser or other operating systems.When a fixed version of the plugin from any version of Cisco WebEx is installed, it will not be downgraded or changed to a version installed by a different fixed version of Cisco WebEx.The vulnerability, identified as CVE, allows an unauthenticated attacker to remotely execute arbitrary code with the privileges of the web browser by getting the targeted user to access a specially crafted web page.Select, manage add-ons, select, all add-ons from the, show drop-down menu.Note that in the default configuration of Firefox, the browser will prompt the user before running the plugin upon visiting each new subdomain.Mozilla Firefox, version 106 of the ActiveTouch General Plugin Container (10031.6.2017.127) for Mozilla Firefox was released on January 28, 2017 and contains a fix for this vulnerability.The flaw was discovered by Google Project Zero researcher Tavis Ormandy in the WebEx extension for Chrome and disclosed after it was apparently patched by Cisco.Locate the, activeTouch General Plugin Container in the list of Plugins and click on the.Microsoft Support Document 240797.
Tools button, select, manage add-ons, select, all add-ons from the Show drop-down menu, select the.
By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: ml, additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller.