CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence: Low
EPSS
Percentile: 92.6%
An improper information sanitization vulnerability was found in Microsoft Lync and Skype for Business. By exploiting this vulnerability, malicious users can execute arbitrary code or obtain sensitive information. This vulnerability can be exploited remotely via a specially designed message.
Technical details
This vulnerability can be triggered via specially designed JavaScript content in a message. It can be used to execute arbitrary HTML and JS content in the context of the vulnerable application, open a webpage in the default browser, or potentially trigger URIs defined by other applications.
CVE-2015-6061 warning
Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an attacker executing any code or commands on the vulnerable machine or in the vulnerable process.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into incorrect behavior.
support.microsoft.com/kb/3085634
support.microsoft.com/kb/3096735
support.microsoft.com/kb/3096736
support.microsoft.com/kb/3096738
support.microsoft.com/kb/3101496
support.microsoft.com/kb/3105872
support.microsoft.com/kb/3108096
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6061
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Lync/