7 matches found
Cisco WebEx Extension for Chrome < 1.0.12 'atgpcext' Library GPC Sanitization RCE (cisco-sa-20170717-webex)
The Cisco WebEx Extension for Chrome installed on the remote host is a version prior to 1.0.12. It is, therefore, affected by a remote code execution vulnerability in the 'atgpcext' library due to incomplete GPC sanitization. An unauthenticated, remote attacker can exploit this, by convincing a...
Cisco WebEx Extension for Firefox < 1.0.12 'atgpcext' Library GPC Sanitization RCE (cisco-sa-20170717-webex)
The Cisco WebEx Extension for Firefox installed on the remote host is a version prior to 1.0.12. It is, therefore, affected by a remote code execution vulnerability in the 'atgpcext' library due to incomplete GPC sanitization. An unauthenticated, remote attacker can exploit this, by convincing a...
Cisco WebEx Chrome Extension Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Cisco WebEx Chrome Extension RCE CVE-2017-3823", 'Description' = %q This module exploits a vulnerability present in the Cisco...
Cisco WebEx for Firefox RCE (cisco-sa-20170124-webex)
The Cisco WebEx Extension for Firefox installed on the remote host is affected by a remote code execution vulnerability due to a crafted pattern that permits any URL utilizing it to automatically use native messaging to access sensitive functionality provided by the extension. An unauthenticated,...
Cisco WebEx Chrome Extension RCE (CVE-2017-3823)
This module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
WebEx browser extension command execution
Added: 01/26/2017 CVE: CVE-2017-3823 BID: 95737 Background Cisco WebEx is an online meeting solution. Extensions are available for all major web browsers, which enable users to join meetings from their browser. Problem A vulnerability in the WebEx browser extensions allows command execution when ...
How to protect yourself from the WebEx extension
On Monday, Tavis Ormandy of Project Zero revealed that the Cisco WebEx Chrome extension 20M users has a critical vulnerability. OMFG🔥 The WebEx Chrome extension has a trivial code execution vulnerability: any website could just install malware on your machine silently -- Filippo Valsorda...