Security News > 2017 > January > The latest on the critical RCE Cisco WebEx extension vulnerability (Help Net Security)
2017-01-30 15:14
Since Google bug hunter Tavis Ormandy revealed the existence of a remotely exploitable code execution flaw in the Cisco WebEx extension for Google Chrome last week, Cisco has pushed out several updates for it in quick succession. We’re now up to version 1.0.7 (the initial update to fix the flaw was 1.0.3), and ostensibly the vulnerability has now been fixed. The latest update of the security advisory detailing the issue says that the WebEx extensions … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/xd5ORaZMUI4/
Related news
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- The ongoing evolution of the CIS Critical Security Controls (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)