KLA10693 Information disclosure vulnerability in Microsoft Lync & Skype for Business

An improper information sanitization was found in Microsoft Lync and Skype for Business. By exploiting this vulnerability malicious users can execute arbitrary code or obtain sensitive information. This vulnerability can be exploited remotely via a specially designed message. Technical details Th...

Microsoft Office CVE-2015-2503 Privilege Escalation Vulnerability

Description Microsoft Office is prone to a privilege-escalation vulnerability. An attacker can leverage this issue to execute arbitrary code with elevated privileges in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions...

The vulnerabilities of Microsoft Lync Server and Skype for Business Server allow attackers to inject arbitrary web or HTML code.

The vulnerability of the jQuery server messaging components in Microsoft Lync Server and Skype for Business Server exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code through a special...

The vulnerability of the ATML component in Microsoft Lync, the Microsoft Office suite, and the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the ATML component in Microsoft Lync, the Microsoft Office suite, and the Windows operating system is due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted script file...

The vulnerability of Skype for Business Server and Microsoft Lync Server allows a hacker to inject arbitrary web or HTML code.

The vulnerabilities of Skype for Business Server and Microsoft Lync Server exist due to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to inject arbitrary web or HTML code through a specially crafted URL...

The vulnerability of Microsoft Lync Server’s messaging server allows a hacker to inject arbitrary web or HTML code.

The vulnerability of Microsoft Lync Server’s messaging server exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code through a specially crafted URL...

Microsoft Lync Server / Skype for Business crossite scripting

Multiple crossite scripting possibilities...

Microsoft Lync Server/Skype for Business Server Cross-Site Scripting Vulnerability

Microsoft Lync is the next generation of integrated enterprise communication platform. A cross-site scripting vulnerability exists in Microsoft Lync Server 2013 and Skype for Business Server 2015, which can be exploited by remote attackers to inject arbitrary web script or HTML via a constructed...

Microsoft Lync Server Cross-Site Scripting Vulnerability (CNVD-2015-05942)

Microsoft Lync is the next generation of integrated enterprise communication platform. Microsoft Lync Server 2013 and Skype for Business Server 2015, a cross-site scripting vulnerability exists in the jQuery engine, which can be exploited by remote attackers to inject arbitrary web script or HTML...

Microsoft Lync Server Cross-Site Scripting Vulnerability (CNVD-2015-05941)

Microsoft Lync is the next generation of integrated enterprise communication platform. A cross-site scripting vulnerability exists in Microsoft Lync Server 2013, which can be exploited by remote attackers to inject arbitrary web script or HTML via a constructed URL...

CVE-2015-2536

Cross-site scripting XSS vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."...

CVE-2015-2531

Cross-site scripting XSS vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."...

Design/Logic Flaw

Cross-site scripting XSS vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."...

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."...

Buffer overflow

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a...

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability."...

CVE-2015-2531

CVE-2015-2531 is an XSS vulnerability in the jQuery engine used by Microsoft Lync Server 2013 and Skype for Business Server 2015. The issue allows an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted URL, potentially exposing session information and enabling sc...

Microsoft Lync Attendee Buffer Overflow Vulnerability (3089656)

This host is missing a critical security update according to Microsoft Bulletin MS15-097. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS15-104: Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)

The remote Windows host is missing a security update. It is, therefore, affected by multiple cross-site scripting vulnerabilities in Skype for Business Server and Lync Server : - A cross-site scripting vulnerability exists in Skype for Business Server and Lync Server due to a failure by the jQuer...

CVE-2015-2531

Cross-site scripting XSS vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."...