Memory corruption

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010...

CVE-2015-6107

CVE-2015-6107 concerns a remote-code-execution vulnerability in the Windows font library. The issue arises when parsing specially crafted embedded fonts, enabling arbitrary code execution on affected systems. Public references indicate this affects a broad set of Windows versions (Vista through W...

CVE-2015-6106

CVE-2015-6106 affects the Windows font library across multiple Windows/Vista/Server and Office/Skype/Lync versions. The vulnerability is a memory corruption issue triggered by specially crafted embedded fonts, enabling remote code execution with the attacker-controlled font data. Connected source...

Microsoft Lync Remote Code Execution Vulnerabilities (3104503)

This host is missing a critical security update according to Microsoft Bulletin MS15-128. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Lync Attendee Remote Code Execution Vulnerabilities (3104503)

This host is missing a critical security update according to Microsoft Bulletin MS15-128. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Windows Graphics Component CVE-2015-6106 Memory Corruption Vulnerability

Description Microsoft Windows is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Live Meeting 2007 Console...

Microsoft Windows Graphics Component CVE-2015-6108 Memory Corruption Vulnerability

Description Microsoft Windows is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft .NET Framework 3.0 SP2...

KLA10718 Code execution vulnerabilities in Microsoft Graphics Component

Improper fonts handling was found in Microsoft Graphics Component used in Multiple Microsoft products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed content. Original advisories CVE-2015-6108...

MS15-128: Security update for Microsoft graphics component to address remote code execution: December 8, 2015

Resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded...

The vulnerabilities of Microsoft Lync and Skype for Business messaging applications allow a hacker to inject arbitrary web scripts or HTML code.

The vulnerability of Microsoft Lync and Skype for Business instant messaging programs exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web scripts or HTML code through instant messaging...

Microsoft Skype for Business Cross-Site Scripting Vulnerability

Microsoft Skype for Business is an enterprise-class communication tool from Microsoft Corporation that enhances support for intra-enterprise communications as well as content sharing and collaboration. Cross-site scripting vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1...

CVE-2015-6061

Cross-site scripting XSS vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure...

Information disclosure

Cross-site scripting XSS vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure...

CVE-2015-6061

CVE-2015-6061 is an XSS/info-disclosure flaw in Microsoft Skype for Business 2016, Lync 2010/2013 SP1, Lync 2010 Attendee, and Lync Room System caused by improper sanitization of instant-message content. A remote attacker can inject arbitrary web script/HTML via an IM session, potentially leaking...

CVE-2015-6061

Cross-site scripting XSS vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure...

Microsoft Lync Attendee Information Disclosure Vulnerability (3105872)

This host is missing an important security update according to Microsoft Bulletin MS15-123. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Lync Information Disclosure Vulnerability (3105872)

This host is missing an important security update according to Microsoft Bulletin MS15-123. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

November 2015 Patch Tuesday Brings 12 Updates, Four Critical

Microsoft today pushed out 12 bulletins as part of November’s Patch Tuesday, including four critical updates, all of which can lead to remote code execution. The update is rounded out by fixes for Windows, Lync, .NET, and Skype for Business, but there are two critical fixes that affect browsers o...

Microsoft Office CVE-2015-2503 Privilege Escalation Vulnerability

Description Microsoft Office is prone to a privilege-escalation vulnerability. An attacker can leverage this issue to execute arbitrary code with elevated privileges in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions...

KLA10693 Information disclosure vulnerability in Microsoft Lync & Skype for Business

An improper information sanitization was found in Microsoft Lync and Skype for Business. By exploiting this vulnerability malicious users can execute arbitrary code or obtain sensitive information. This vulnerability can be exploited remotely via a specially designed message. Technical details Th...