← Back

CVE-2017-3823

nvd nist
Published: Feb 1, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.

Affected (54)

Cisco
6 products
Activetouch General Plugin Container
Download Manager
Gpccontainer Class
Webex
Webex Meetings Server
Webex Meeting Center
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Activetouch General Plugin Container
Version 105
Download Manager
Version 2.1.0.9
Gpccontainer Class
Up to 10031.6.2017.0125
Webex
Up to 1.0.6
Configuration B
36 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Webex Meetings Server
Version 2.0_base
Webex Meetings Server
Version 2.0_mr2
Webex Meetings Server
Version 2.0_mr3
Webex Meetings Server
Version 2.0_mr4
Webex Meetings Server
Version 2.0_mr5
Webex Meetings Server
Version 2.0_mr6
Webex Meetings Server
Version 2.0_mr7
Webex Meetings Server
Version 2.0_mr8
Webex Meetings Server
Version 2.0_mr8 p1
Webex Meetings Server
Version 2.0_mr9
Webex Meetings Server
Version 2.0_mr9 p1
Webex Meetings Server
Version 2.0_mr9 p2
Webex Meetings Server
Version 2.0_mr9 p3
Webex Meetings Server
Version 2.5_base
Webex Meetings Server
Version 2.5_mr1
Webex Meetings Server
Version 2.5_mr2
Webex Meetings Server
Version 2.5_mr2 p1
Webex Meetings Server
Version 2.5_mr3
Webex Meetings Server
Version 2.5_mr4
Webex Meetings Server
Version 2.5_mr5
Webex Meetings Server
Version 2.5_mr5 p1
Webex Meetings Server
Version 2.5_mr6
Webex Meetings Server
Version 2.5_mr6 p1
Webex Meetings Server
Version 2.5_mr6 p2
Webex Meetings Server
Version 2.5_mr6 p3
Webex Meetings Server
Version 2.6_base
Webex Meetings Server
Version 2.6_mr1
Webex Meetings Server
Version 2.6_mr1 p1
Webex Meetings Server
Version 2.6_mr2
Webex Meetings Server
Version 2.6_mr2 p1
Webex Meetings Server
Version 2.6_mr3
Webex Meetings Server
Version 2.6_mr3 p1
Webex Meetings Server
Version 2.7_base
Webex Meetings Server
Version 2.7_mr1
Webex Meetings Server
Version 2.7_mr1 p1
Webex Meetings Server
Version 2.7_mr2
Configuration C
14 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Webex Meeting Center
Version 2.6_base
Webex Meeting Center
Version 2.6_mr1
Webex Meeting Center
Version 2.6_mr1 p1
Webex Meeting Center
Version 2.6_mr2
Webex Meeting Center
Version 2.6_mr2 p1
Webex Meeting Center
Version 2.6_mr3
Webex Meeting Center
Version 2.6_mr3 p1
Webex Meeting Center
Version 2.7_base
Webex Meeting Center
Version 2.7_mr1
Webex Meeting Center
Version 2.7_mr1 p1
Webex Meeting Center
Version 2.7_mr2
Webex Meeting Center
Version t29_base
Webex Meeting Center
Version t30_base
Webex Meeting Center
Version t31_base

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (16)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Technical DescriptionThird Party Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.