Source |
Network World |
Identifiant |
301696 |
Date de publication |
2017-01-27 07:59:00 (vue: 2017-01-27 07:59:00) |
Titre |
Cisco starts patching critical flaw in WebEx browser extension |
Texte |
Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers.
The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions.
The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx extension exposed functionality to any website that had "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" in its URL or inside an iframe. Some of that WebEx functionality allowed for the execution of arbitrary code on computers.To read this article in full or to leave a comment, please click here |
Envoyé |
Oui |
Condensat |
32dc7efc570b 43c85c0d af5e allow allowed any arbitrary article attackers browser c056 chrome cisco click code collaboration comment company computers conferencing could critical cwcsf d633 execute execution explorer exposed extension fact firefox flaw found from full functionality google had has here html iframe inside internet its leave malicious mozilla nativemsg ormandy patch patched patches patching please read released remotely researcher security similar some started starts stemmed systems tavis thursday url version versions vulnerability webex website working |
Tags |
|
Stories |
|
Notes |
|
Move |
|