CVE-2014-1823

Cross-site scripting XSS vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."...

Cross site scripting

Cross-site scripting XSS vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."...

CVE-2014-1823

CVE-2014-1823 is an XSS vulnerability affecting Microsoft Lync Server 2010 and 2013, specifically in the Web Components Server. A crafted URL containing a valid meeting ID can be used to inject arbitrary web script or HTML remotely. Multiple connected advisories corroborate the issue as an inform...

CVE-2014-1823

Cross-site scripting XSS vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."...

Microsoft Lync Attendee Remote Code Execution Vulnerabilities (2967487)

This host is missing a critical security update according to Microsoft Bulletin MS14-036. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS14-036: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)

The version of Microsoft's Graphics Component installed on the remote host is affected by code execution vulnerabilities due to the way GDI+ handles image record types in specially crafted files. A remote, unauthenticated attacker could exploit these issues by tricking a user into viewing content...

Microsoft Lync Remote Code Execution Vulnerabilities (2967487)

This host is missing a critical security update according to Microsoft Bulletin MS14-036. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Lync Server Information Disclosure Vulnerability (2969258)

This host is missing an important security update according to Microsoft Bulletin MS14-032. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS14-032: Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)

The version of Microsoft Lync Server installed on the remote host is affected by an information disclosure vulnerability that can be exploited by tricking a user into clicking a specially crafted URL. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid74424;...

June 2014 Microsoft Patch Tuesday security updates

As expected, Microsoft delivered a patch today for a zero-day vulnerability in Internet Explorer 8 that was disclosed by HP’s Zero Day Initiative three weeks ago, six months after it was reported to the ZDI. The IE8 patch, MS14-035, is included in a cumulative Internet Explorer rollup that patche...

MS14-036: Vulnerabilities in Microsoft graphics component could allow remote code execution: June 10, 2014

Resolves vulnerabilities in Windows, Microsoft Office, and Microsoft Lync that could allow remote code execution if a user opens a specially crafted file or webpage.INTRODUCTIONMicrosoft has released security bulletin MS14-036. To learn more about this security bulletin:Home...

Microsoft Lync Server CVE-2014-1823 Information Disclosure Vulnerability

Description Microsoft Lync Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Lync Server 2010 Microsoft Lync Server 2013 Recommendations Run all software as ...

MS14-036: Description of the security update for Windows 8.1 and Windows Server 2012 R2: June 10, 2014

Resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync that could allow remote code execution if a user opens a specially crafted file or webpage.IntroductionThis security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync that...

Microsoft Lync Server Information Disclosure (MS14-032; CVE-2014-1823)

An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. The vulnerability is caused when Lync Server does not properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially...

Microsoft Windows Graphics Component CVE-2014-1818 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencing 6.0 SP1...

MS13-096: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005)

The version of Microsoft's Graphics Component installed on the remote host is affected by a heap overflow vulnerability. Specially crafted TrueType font files are not processed properly. A remote, unauthenticated attacker could exploit this vulnerability by getting a user to view content that...

Microsoft Lync Attendee Remote Code Execution Vulnerability (2908005)

This host is missing a critical security update according to Microsoft Bulletin MS13-096. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Lync Remote Code Execution Vulnerability (2908005)

This host is missing a critical security update according to Microsoft Bulletin MS13-096. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft released Security Patch for CVE-2013-5065 TIFF Zero-Day vulnerability

Microsoft has released 11 Security Patch this Tuesday, including one for CVE-2013-5065 zero-day vulnerability, recently discovered Local privilege escalation vulnerability that could allow a hacker to launch an attack using corrupted TIFF images to take over victims' computers. FireEye researcher...

Microsoft Releases December 2013 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft Exchange, Microsoft SharePoint, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for December 2013. These vulnerabilities...