Cisco WebEx Extension for Firefox < 1.0.12 'atgpcext' Library GPC Sanitization RCE (cisco-sa-20170717-webex)
High Nessus Plugin ID 101817
SynopsisA browser extension installed on the remote host is affected by a remote code execution vulnerability.
DescriptionThe Cisco WebEx Extension for Firefox installed on the remote host is a version prior to 1.0.12. It is, therefore, affected by a remote code execution vulnerability in the 'atgpcext' library due to incomplete GPC sanitization. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code with the privileges of the affected browser.
SolutionUpgrade to Cisco WebEx Extension for Firefox version 1.0.12 or later.