Microsoft Lync 4.0.7577.0 Javascript Injection

13 Jun 2011 | Reported by Mark Lachniet | Type: packetstorm | Source: packetstormsecurity.com

Microsoft Lync 4.0.7577.0 Javascript Injection vulnerability, allows arbitrary Javascript insertio

Code
`============================================================================  
Foofus.net Security Advisory: foofus-20110610  
============================================================================  
Title: Javascript Injection in Microsoft Lync  
Version: 4.0.7577.0  
Vendor: Microsoft  
Release Date: 2010-06-10  
Issue Status: Fix available  
============================================================================  
  
1. Summary  
  
Microsoft Lync version 4.0.7577.0 is vulnerable to a javascript injection  
vulnerability.  
  
  
2. Description  
  
Javascript commands can be stacked within the URL in the "reachLocale"  
variable in ReachJoin.aspx. Arbitrary javascript can be inserted, with  
some restrictions (notably that characters such as ">" will invoke .NET  
security protections and cause the page to fail to display).  
  
  
3. Proof of Concept  
  
The following URL will load an image in a new window or tab, as well as  
display an alert with arbitrary content:  
  
https://[target]/Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us%22;var%20xxx=%22http://www.foofus.net/~bede/foofuslogo.jpg%22;open%28xxx%29;alert%28%22error,%20please%20enable%20popups%20from%20this%20server%20and%20reload%20from%20the%20link%20you%20were%20given%22%29//  
  
Pop-ups will need to be enabled in order to load a new tab, but this can be  
circumvented by social engineering (i.e. a dialog box) or possibly by  
more clever javascript insertion.  
  
  
4. Impact  
  
Exploiting this vulnerability allows an adversary to inject most types of  
Javascript into the page in order to execute client-side attacks or  
perform social engineering attacks. These attacks can easily be manipulated  
to compromise a target workstation.  
  
  
5. Affected Products  
  
Only version 4.0.7577.0 has been tested. This vulnerability may exist in  
other versions.  
  
  
6. Solution  
  
According to Microsoft, the vulnerability can be resolved by updating with  
the "update package for Lync Server 2010, Web Components Server: April 2011"  
at http://support.microsoft.com/kb/2500441  
  
7. Timetable  
  
2011-05-31 Advisory written and submitted to Microsoft  
2011-05-31 Vendor confirms receipt of advisory  
2011-06-10 Vendor confirms vulnerability, advises availability of patch  
2011-06-10 Disclosure  
  
  
8. Reference  
  
http://www.foofus.net/?p=363  
  
9. Credits  
  
Mark Lachniet  
  
  
  
`
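
A defender's check for the issue described in section 2, as an added example that is not part of the Foofus advisory or of Microsoft's fix: it scans request logs for ReachJoin.aspx requests whose "reachLocale" value is not a plain locale tag. The log layout, the locale pattern, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: a legitimate reachLocale is a plain language tag such as "en-us".
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})*")
# Page named in the advisory; compared in lower case because IIS paths are case-insensitive.
TARGET_PAGE = "/reach/client/webpages/reachjoin.aspx"


def suspicious_reach_locale(url):
    """Return decoded reachLocale values in url that are not plain locale tags."""
    parts = urlsplit(url)
    if parts.path.lower() != TARGET_PAGE:
        return []
    bad = []
    # Split on "&" only, so a ";" inside the value stays part of the value.
    for pair in parts.query.split("&"):
        key, _, raw = pair.partition("=")
        if key.lower() != "reachlocale":
            continue
        value = unquote_plus(raw)
        if not LOCALE_RE.fullmatch(value):
            bad.append(value)
    return bad


def scan(log_lines):
    """Return (client_ip, decoded_value) for every flagged request."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        client_ip, url = fields[0], fields[2]
        hits.extend((client_ip, value) for value in suspicious_reach_locale(url))
    return hits


# Constructed sample log in an assumed "ip method url status" layout.
SAMPLE_LOG = [
    "198.51.100.7 GET /Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us 200",
    "203.0.113.9 GET /Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us%22;alert%28%22x%22%29// 200",
    "198.51.100.8 GET /reach/client/webpages/reachjoin.aspx?ReachLocale=pt-BR 200",
    "198.51.100.9 GET /Other/Page.aspx?reachLocale=%22;x 200",
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-locale reachLocale: {value!r}")
```

Real IIS W3C logs record the URI stem and query in separate fields, so the field indexing in `scan` needs adapting to the log format in use.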
