Microsoft Lync Server Multiple Vulnerabilities (3089952)

This host is missing an important security update according to Microsoft Bulletin MS15-104. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Lync Buffer Overflow Vulnerability (3089656)

This host is missing a critical security update according to Microsoft Bulletin MS15-097. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2015-2536

The CVE-2015-2536 issue is an XSS vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015. The root cause is improper sanitization of input (notably via crafted URLs in the web context), enabling remote attackers to execute arbitrary script or HTML in a logged-in user’s bro...

CVE-2015-2532

Microsoft Lync Server 2013 contains a cross-site scripting vulnerability (CVE-2015-2532) triggered by a crafted URL, due to improper sanitization (jQuery-based context cited). It permits remote attackers to run arbitrary web script in a user’s browser, as described in the CVE record and corrobora...

CVE-2015-2510

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a...

CVE-2015-2532

Cross-site scripting XSS vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability."...

KLA10657 Multiple vulnerabilities in Microsoft communication services

Improper content sanitization at jQuery engine and other vectors were found in Lync Server and Skype for Business Server. By exploiting these vulnerabilities malicious users can gain privileges or obtain sensitive information. These vulnerabilities can be exploited remotely via a specially design...

MS15-104: Vulnerabilities in Skype for Business Server and Lync Server could allow elevation of privilege: September 8, 2015

This security update resolves vulnerabilities in Skype for Business and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL.SummaryThis security update resolves vulnerabilities in Skype for Business and...

MS15-097: Vulnerabilities in the Microsoft graphics component could allow remote code execution: September 8, 2015

Resolves vulnerabilities in Windows, Office, and Lync that could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts.SummaryThis security update resolves vulnerabilities in Windows, Microsoft Office, and...

Microsoft Skype for Business and Lync Server CVE-2015-2536 Cross Site Scripting Vulnerability

Description Microsoft Skype for Business and Lync Server are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

KLA10656 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows and related products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges or execute arbitrary code. Below is a complete list of vulnerabilities 1. Imprope...

Microsoft Windows OpenType Fonts CVE-2015-2510 Buffer Overflow Vulnerability

Description Microsoft Windows is prone to a remote buffer-overflow vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Avaya Meeting...

Microsoft Skype for Business and Lync Server CVE-2015-2531 Cross Site Scripting Vulnerability

Description Microsoft Skype for Business and Microsoft Skype Lync Server are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

Microsoft Lync Server Detection (HTTP)

The script sends a HTTP request to the server and attempts to identify Microsoft Lync Server. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipp...

CVE-2015-2431

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library OGL font, aka "Microsoft Office Graphics Component Remote Code Execution...

Design/Logic Flaw

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1,...

Remote code execution

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library OGL font, aka "Microsoft Office Graphics Component Remote Code Execution...

Design/Logic Flaw

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight...

CVE-2015-2431

CVE-2015-2431 is a remote code execution vulnerability in Microsoft Office Graphics Library (OGL) fonts. Affected products include Office 2007 SP3, Office 2010 SP2, Live Meeting 2007 Console, Lync 2010/Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1. The underlying issue is with OGL font handlin...