CVE-2013-1302

The CVE-2013-1302 issue affects Microsoft Lync-related clients and servers (Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, Lync Server 2013). It is a use-after-free in which Lync components fail to handle memory objects that have been deleted, enabling remote code execution when a user is i...

MS13-041: Vulnerability in Lync Could Allow Remote Code Execution (2834695)

The version of Microsoft Communicator and/or Lync installed on the remote host is potentially affected by a remote code execution if an attacker shares specially crafted content, such as a file or program, as a presentation in Lync or Communicator. C Tenable Network Security, Inc...

Microsoft Lync Remote Code Execution Vulnerability (2834695)

This host is missing an important security update according to Microsoft Bulletin MS13-041. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft多个产品HTML过滤组件跨站脚本执行漏洞（MS12-066）

CVECAN ID: CVE-2012-2520 Microsoft是一家基于美国的跨国电脑科技公司。以研发、制造、授权和提供广泛的电脑软件服务业务为主。 Microsoft多个产品在HTML过滤组件内没有正确过滤某些输入即返给用户使用。成功利用此漏洞的攻击者可执行跨站脚本攻击并以当前用户权限运行脚本。 0 Microsoft SharePoint Server 2007 Microsoft Office Web Apps Microsoft Groove Server 2010 Microsoft Lync 2010 Microsoft Office Communicator 2007...

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office W...

CVE-2012-2520

CVE-2012-2520 is a cross-site scripting vulnerability in Microsoft’s HTML sanitization component affecting multiple products (InfoPath 2007/2010, Communicator/Lync 2010, SharePoint Server/Foundation, Groove Server, Office Web Apps). The issue arises from improper input filtering in the HTML sanit...

Cisco IP Communicator Certificate Trust List Man-in-the-Middle Attack Vulnerability

Cisco IP Communicator contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on a targeted system. The vulnerability is due insufficient validation of signing certificates in the Certificate Trust List which have been accepted by end...

CVE-2012-2490

Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471...

Code injection

Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471...

CVE-2012-2490

Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471...

CVE-2012-2490

CVE-2012-2490 affects Cisco IP Communicator 8.6. An unauthenticated, remote attacker could carry out a Man-in-the-Middle attack to replace or modify the Certificate Trust List due to insufficient validation of signing certificates in the Trust List (Bug CSCtz01471). Exploitation details are not f...

Microsoft Lync/Office Communicator HTML代码过滤漏洞 (CVE-2012-1858) (MS12-039)

CVE ID: CVE-2012-1858 Microsoft Lync 新一代企业整合沟通平台（前身为 Communications Server），提供了一种全新的、直观的用户体验，跨越 PC、Web、手机等其他移动设备，将不同的沟通方式集成到一个平台之中。 Microsoft Lync HTML过滤时存在信息泄露漏洞，可允许攻击者执行XSS攻击和运行脚本。 0 Microsoft Lync 2010 Microsoft Office Communicator 2007 临时解决方法： 如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁：...

Microsoft Lync Remote Code Execution Vulnerabilities (2707956)

This host is missing a critical security update according to Microsoft Bulletin MS12-039. OpenVAS Vulnerability Test $Id: secpodms12-039.nasl 6473 2017-06-29 06:07:30Z cfischer $ Microsoft Lync Remote Code Execution Vulnerabilities 2707956 Authors: Sooraj KS Copyright: Copyright c 2012 SecPod,...

Microsoft Lync Version Detection

Detects the installed version of Microsoft Lync. The script logs in via smb, searches for Microsoft Lync in the registry and gets the version from Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Cross site scripting

The toStaticHTML API aka the SafeHTML component in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted...

CVE-2012-1858

The toStaticHTML API aka the SafeHTML component in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted...

PT-2012-3601 · Microsoft · Lync +4

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 8 through 9 Microsoft Communicator version 2007 R2 Microsoft Lync versions 2010 through 2010 Attendee Description: The toStaticHTML API, also known as the SafeHTML component, does not properly handle event...

CVE-2012-0361

The sccp-protocol component in Cisco IP Communicator CIPC 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager CUCM, which allows remote attackers to cause a denial of service via vectors that trigger 1 on hook and 2 off hook messages, as demonstrated b...

Code injection

The sccp-protocol component in Cisco IP Communicator CIPC 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager CUCM, which allows remote attackers to cause a denial of service via vectors that trigger 1 on hook and 2 off hook messages, as demonstrated b...

CVE-2012-0361

The sccp-protocol component in Cisco IP Communicator CIPC 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager CUCM, which allows remote attackers to cause a denial of service via vectors that trigger 1 on hook and 2 off hook messages, as demonstrated b...