Skip to main content

Security Alert: WebEx Windows Browser Vulnerability

Date:
2017-01-25 00:00:00
Status:
Closed
Brief Description:
A vulnerability has been detected in the extension used by WebEx to run in all Windows browsers except Edge. Update WebEx extensions or switch to Zoom and uninstall WebEx.
Current Status:
WebEx has provided updated components for Firefox and Internet Explorer that close the vulnerability. Anyone continuing to use WebEx should immediately apply these updates (see below) and the previously announced update for Chrome.

Since support is being ended for WebEx in June, you may instead want to switch to the new supported web conference service, Zoom, and use the WebEx uninstall tool to clear all WebEx components from your computer and eliminate associated vulnerabilities.
Zoom service page: http://it.cornell.edu/zoom
WebEx removal tool: https://help.webex.com/docs/DOC-2672


Mozilla Firefox
Version 106 of the ActiveTouch General Plugin Container for Mozilla Firefox was released on January 28, 2017 and contains a fix for this vulnerability. Mozilla users can ensure they are using the fixed version of the ActiveTouch General Plugin Container for Mozilla by:
1. Clicking the menu button (three horizontal bars on the upper right of the application) and selecting Add-ons.

2. In the Add-ons Manager tab, click the Plugins panel

3. Locate the ActiveTouch General Plugin Container in the list of Plugins and click on the More link to obtain the version information

Microsoft Internet Explorer
Version 10031.6.2017.0127 of the GpcContainer Class for Microsoft Internet Explorer was released on January 28, 2017 and contains a fix for this vulnerability. Internet Explorer users can ensure they are using the fixed version of the GpcContainer Class for Internet Explorer by:
1. In Internet Explorer, select the Tools button

2. Select Manage add-ons

3. Select All add-ons from the Show drop-down menu

4. Select the GpcContainer Class add-on under Cisco WebEx LLC
Services Affected:
Web & Video Conferencing
Subsites Affected:
Web Conferencing (Lync and WebEx)
Full Description:
A vulnerability has been detected in the extension used by WebEx to run in all Windows browsers except Edge. Update the extensions for Chrome, Firefox, and Internet Explorer.

Cornell support for WebEx will be retired entirely June 2017. You can switch to the recommended service, Zoom ( http://it.cornell.edu/zoom ) and uninstall WebEx components from your computer.