Cisco WebEx for Internet Explorer RCE (cisco-sa-20170124-webex)
High Nessus Plugin ID 96908
SynopsisA browser extension installed on the remote host is affected by a remote code execution vulnerability.
DescriptionThe Cisco WebEx Extension for Internet Explorer installed on the remote host is affected by a remote code execution vulnerability due to a crafted pattern that permits any URL utilizing it to automatically use native messaging to access sensitive functionality provided by the extension. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code by convincing a user to visit a web page that contains this pattern and starting a WebEx session.
SolutionUpgrade to Cisco WebEx Extension version 184.108.40.206 or later.