Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3823

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.8, indicating it can be exploited remotely over the network with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 6 products from cisco, from cisco, from cisco and 3 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2017, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2017-02-01T11:59:00.133

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	activetouch_general_plugin_container	105	Yes
Application	cisco	download_manager	2.1.0.9	Yes
Application	cisco	gpccontainer_class	≤ 10031.6.2017.0125	Yes
Application	cisco	webex	≤ 1.0.6	Yes
Application	cisco	webex_meetings_server	2.0_base	Yes
Application	cisco	webex_meetings_server	2.0_mr2	Yes
Application	cisco	webex_meetings_server	2.0_mr3	Yes
Application	cisco	webex_meetings_server	2.0_mr4	Yes
Application	cisco	webex_meetings_server	2.0_mr5	Yes
Application	cisco	webex_meetings_server	2.0_mr6	Yes
Application	cisco	webex_meetings_server	2.0_mr7	Yes
Application	cisco	webex_meetings_server	2.0_mr8	Yes
Application	cisco	webex_meetings_server	2.0_mr8	Yes
Application	cisco	webex_meetings_server	2.0_mr9	Yes
Application	cisco	webex_meetings_server	2.0_mr9	Yes
Application	cisco	webex_meetings_server	2.0_mr9	Yes
Application	cisco	webex_meetings_server	2.0_mr9	Yes
Application	cisco	webex_meetings_server	2.5_base	Yes
Application	cisco	webex_meetings_server	2.5_mr1	Yes
Application	cisco	webex_meetings_server	2.5_mr2	Yes
Application	cisco	webex_meetings_server	2.5_mr2	Yes
Application	cisco	webex_meetings_server	2.5_mr3	Yes
Application	cisco	webex_meetings_server	2.5_mr4	Yes
Application	cisco	webex_meetings_server	2.5_mr5	Yes
Application	cisco	webex_meetings_server	2.5_mr5	Yes
Application	cisco	webex_meetings_server	2.5_mr6	Yes
Application	cisco	webex_meetings_server	2.5_mr6	Yes
Application	cisco	webex_meetings_server	2.5_mr6	Yes
Application	cisco	webex_meetings_server	2.5_mr6	Yes
Application	cisco	webex_meetings_server	2.6_base	Yes
Application	cisco	webex_meetings_server	2.6_mr1	Yes
Application	cisco	webex_meetings_server	2.6_mr1	Yes
Application	cisco	webex_meetings_server	2.6_mr2	Yes
Application	cisco	webex_meetings_server	2.6_mr2	Yes
Application	cisco	webex_meetings_server	2.6_mr3	Yes
Application	cisco	webex_meetings_server	2.6_mr3	Yes
Application	cisco	webex_meetings_server	2.7_base	Yes
Application	cisco	webex_meetings_server	2.7_mr1	Yes
Application	cisco	webex_meetings_server	2.7_mr1	Yes
Application	cisco	webex_meetings_server	2.7_mr2	Yes
Application	cisco	webex_meeting_center	2.6_base	Yes
Application	cisco	webex_meeting_center	2.6_mr1	Yes
Application	cisco	webex_meeting_center	2.6_mr1	Yes
Application	cisco	webex_meeting_center	2.6_mr2	Yes
Application	cisco	webex_meeting_center	2.6_mr2	Yes
Application	cisco	webex_meeting_center	2.6_mr3	Yes
Application	cisco	webex_meeting_center	2.6_mr3	Yes
Application	cisco	webex_meeting_center	2.7_base	Yes
Application	cisco	webex_meeting_center	2.7_mr1	Yes
Application	cisco	webex_meeting_center	2.7_mr1	Yes
Application	cisco	webex_meeting_center	2.7_mr2	Yes
Application	cisco	webex_meeting_center	t29_base	Yes
Application	cisco	webex_meeting_center	t30_base	Yes
Application	cisco	webex_meeting_center	t31_base	Yes

References

http://www.securityfocus.com/bid/95737 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1037680 ([email protected])
https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html ([email protected])
https://blog.filippo.io/webex-extension-vulnerability/ ([email protected])
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 Technical Description, Third Party Advisory ([email protected])
https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Vendor Advisory ([email protected])
https://www.kb.cert.org/vuls/id/909240 ([email protected])
http://www.securityfocus.com/bid/95737 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037680 (af854a3a-2127-422b-91ae-364da2661108)
https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html (af854a3a-2127-422b-91ae-364da2661108)
https://blog.filippo.io/webex-extension-vulnerability/ (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/909240 (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.