908 matches found
MS13-041: Vulnerability in Lync could allow remote code execution: May 14, 2013
Resolves a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted file or previews a specially crafted email message in an affected version of Microsoft Office software. INTRODUCTION: Microsoft has released security bulletin MS13-041. To view the...
Preemptive Protection against Microsoft Lync Remote Code Execution (MS13-035; CVE-2013-1302)
A remote code execution vulnerability has been reported in Microsoft Lync. The vulnerability is due to the way a Lync control attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to accept an invitation to launch specially...
Microsoft Lync CVE-2013-1302 Remote Code Execution Vulnerability
Description Microsoft Lync is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Lync 2010 32-bit Microso...
Microsoft Patch Tuesday to fix critical IE8 zero-day flaw
This coming Tuesday, Microsoft will issue fixes for 33 vulnerabilities in total, including two recently discovered critical zero-day flaws relating to Internet Explorer that have been used to attack several high-profile targets. Internet Explorer 6, 7, 8, 9 and 10 are the recipients of a patch tha...
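Microsoft Lync 'User-Agent' Cross-Site Scripting Vulnerability
BUGTRAQ ID: 57300 Microsoft Lync is a next-generation enterprise unified communications platform (formerly Communications Server) that provides a new, intuitive user experience across PCs, the web, mobile phones and other mobile devices, integrating different communication methods into a single platform. Microsoft Lync does not properly filter the "User-Agent Header" of meet.domainame.com; by inserting JS into the above parameter and stacking commands, an attacker can exploit this vulnerability to execute arbitrary commands in the context of the application. 0 Microsoft Lync 2010 4.0.7577.0 Vendor patch: Microsoft ---------...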
Microsoft Lync 2012 Code Execution
Summary ======= Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. Microsoft was originally notified of this issue December 11, 2012. The details of this issue were made public January 11, 2013. CVE number: Not Assigned Impact: Low Vendor...
Microsoft Lync 2012 Code Execution Vulnerability
Microsoft Lync 2012 fails to properly sanitize user-supplied input, which can lead to remote code execution. Summary ======= Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. Microsoft was originally notified of this issue December 11, 201...
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution source: https://www.securityfocus.com/bid/57300/info Microsoft Lync is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this iss...
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
source: https://www.securityfocus.com/bid/57300/info Microsoft Lync is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...
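Cross-Site Scripting Vulnerability in the HTML Sanitization Component of Multiple Microsoft Products (MS12-066)
CVECAN ID: CVE-2012-2520 Microsoft is a US-based multinational computer technology company whose main business is developing, manufacturing, licensing and providing a wide range of computer software services. In multiple Microsoft products, the HTML sanitization component does not properly filter certain input before returning it to the user. An attacker who successfully exploits this vulnerability could perform cross-site scripting attacks and run script with the current user's privileges. 0 Microsoft SharePoint Server 2007 Microsoft Office Web Apps Microsoft Groove Server 2010 Microsoft Lync 2010 Microsoft Office Communicator 2007...
Microsoft SharePoint and Microsoft Lync HTML Sanitization Cross-Site Scripting Vulnerability (MS12-067)
BUGTRAQ ID: 55797 CVECAN ID: CVE-2012-2520 SharePoint Server is an integrated suite of server capabilities that provides comprehensive content management and enterprise search, accelerates shared business processes and simplifies information sharing across boundaries. Microsoft Lync is a next-generation enterprise unified communications platform (formerly Communications Server) that provides a new, intuitive user experience across PCs, the web, mobile phones and other mobile devices, integrating different communication methods into a single platform. Microsoft SharePoint and Microsoft Lync have a cross-site scripting vulnerability that an attacker can exploit to execute arbitrary script code in the browsers of users of the affected site. 0...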
Cross site scripting
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office W...
CVE-2012-2520
CVE-2012-2520 is a cross-site scripting vulnerability in Microsoft’s HTML sanitization component affecting multiple products (InfoPath 2007/2010, Communicator/Lync 2010, SharePoint Server/Foundation, Groove Server, Office Web Apps). The issue arises from improper input filtering in the HTML sanit...
Microsoft SharePoint And Microsoft Lync HTML Sanitization Cross Site Scripting Vulnerability
Description Microsoft SharePoint and Microsoft Lync are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
Microsoft Releases October Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, SQL Server, Server Software, Office, and Lync as part of the Microsoft Security Bulletin summary for October 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service...
Microsoft to Fix Critical Word Flaw in October Patch Tuesday
Microsoft will release seven bulletins in the October Patch Tuesday next week, fixing 20 total vulnerabilities in Windows, Office, Lync and SQL Server. Only one of the bulletins is rated critical, while the six others are rated important. The one critical bulletin affects Microsoft Office 2003,...
Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)
Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050) toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory -...
Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)
toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory - http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html Introduction The toStaticHTML component,...
toStaticHTML HTML Sanitizing Bypass
toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory - http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html Introduction The toStaticHTML component,...