
908 matches found

0day.today
added 2012/07/11 12:0 a.m. · 31 views

IE9 / SharePoint / Lync toStaticHTML HTML Sanitizing Bypass

Exploit for windows platform in category dos / poc toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory -...

7 AI score · 0.3827 EPSS
Exploits 6

Check Point Advisories
added 2012/06/18 12:0 a.m. · 2 views

Microsoft Lync Insecure Library Loading Code Execution (MS12-039; CVE-2012-1849)

A remote code execution vulnerability has been reported in Microsoft Lync...

7.3 AI score · 0.49994 EPSS
Exploits 0

OpenVAS
added 2012/06/13 12:0 a.m. · 37 views

Microsoft Lync Remote Code Execution Vulnerabilities (2707956)

This host is missing a critical security update according to Microsoft Bulletin MS12-039. OpenVAS Vulnerability Test $Id: secpodms12-039.nasl 6473 2017-06-29 06:07:30Z cfischer $ Microsoft Lync Remote Code Execution Vulnerabilities 2707956 Authors: Sooraj KS Copyright: Copyright c 2012 SecPod,...

9.3 CVSS · 0.6 AI score · 0.88311 EPSS
Exploits 8 · References 3

OpenVAS
added 2012/06/13 12:0 a.m. · 38 views

Microsoft Lync Remote Code Execution Vulnerabilities (2707956)

This host is missing a critical security update according to Microsoft Bulletin MS12-039. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3 CVSS · 5.6 AI score · 0.88311 EPSS
Exploits 8 · References 8

seebug.org
added 2012/06/13 12:0 a.m. · 37 views

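Microsoft Lync/Office Communicator HTML Code Filtering Vulnerability (CVE-2012-1858) (MS12-039)

CVE ID: CVE-2012-1858 Microsoft Lync is a next-generation enterprise unified communications platform (formerly Communications Server) that provides a new, intuitive user experience across PCs, the web, phones and other mobile devices, integrating different communication methods into a single platform. Microsoft Lync has an information disclosure vulnerability in its HTML filtering that can allow attackers to carry out XSS attacks and run scripts. 0 Microsoft Lync 2010 Microsoft Office Communicator 2007 Temporary workaround: If you cannot install the patch or upgrade immediately, we recommend taking the following measures to reduce the threat:...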

4.3 CVSS · 6.9 AI score · 0.3827 EPSS
Exploits 6

securityvulns
added 2012/06/13 12:0 a.m. · 90 views

Microsoft Lync multiple security vulnerabilities

Font parsing vulnerabilities, unsafe DLL loading, cross-site scripting...

9.3 CVSS · 2.2 AI score · 0.88311 EPSS
Exploits 8 · Affected Software 2

Tenable Nessus
added 2012/06/13 12:0 a.m. · 106 views

MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

The remote Windows host is potentially affected by the following vulnerabilities:
- Multiple code execution vulnerabilities exist in the handling of specially crafted TrueType font files. (CVE-2011-3402, CVE-2012-0159)
- An insecure library loading vulnerability exists in the way that Microsoft Ly...

9.3 CVSS · 6.5 AI score · 0.88311 EPSS
Exploits 8 · References 8

OpenVAS
added 2012/06/13 12:0 a.m. · 9 views

Microsoft Lync Version Detection

Detects the installed version of Microsoft Lync. The script logs in via smb, searches for Microsoft Lync in the registry and gets the version from Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.3 AI score
Exploits 0

NVD
added 2012/06/12 10:55 p.m. · 19 views

CVE-2012-1849

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading...

9.3 CVSS · 6.3 AI score · 0.49994 EPSS
Exploits 0 · References 3

Prion
added 2012/06/12 10:55 p.m. · 19 views

Cross site scripting

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted...

4.3 CVSS · 5.6 AI score · 0.3827 EPSS
Exploits 6 · References 6 · Affected Software 3

Cvelist
added 2012/06/12 10:0 p.m. · 33 views

CVE-2012-1858

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted...

5.2 AI score · 0.3827 EPSS
Exploits 6 · References 6

CVE
added 2012/06/12 10:0 p.m. · 146 views

CVE-2012-1849

CVE-2012-1849 is an Untrusted search path DLL loading vulnerability in Microsoft Lync 2010 and related components (Attendee/Attendant). The root cause is loading of a Trojan horse DLL from the current working directory, demonstrated with a .ocsmeet file, enabling local privilege elevation. Affect...

9.3 CVSS · 6.4 AI score · 0.49994 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2012/06/12 10:0 p.m. · 21 views

CVE-2012-1849

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading...

6.3 AI score · 0.49994 EPSS
Exploits 0 · References 3

Microsoft KB
added 2012/06/12 12:0 a.m. · 19 views

MS12-039: Description of the security update for Lync 2010 Attendee (user level install): June 12, 2012

Resolves vulnerabilities in Microsoft Lync that could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts. INTRODUCTION: Microsoft has released security bulletin MS12-039. To view the complete security bulletin, go to one of the following Microso...

7.9 AI score
Exploits 0

Symantec
added 2012/06/12 12:0 a.m. · 35 views

Microsoft Lync CVE-2012-1849 DLL Loading Arbitrary Code Execution Vulnerability

Description: Microsoft Lync is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic Link Library...

9.3 CVSS · 0.2 AI score · 0.49994 EPSS
Exploits 0 · References 3 · Affected Software 2

Symantec
added 2012/06/12 12:0 a.m. · 38 views

Microsoft Internet Explorer And Microsoft Lync HTML Sanitizing Information Disclosure Vulnerability

Description: Microsoft Internet Explorer and Microsoft Lync are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected: Microsoft Groove Server 2010, Microsoft Groove Server 2010 SP1...

4.3 CVSS · 5.6 AI score · 0.3827 EPSS
Exploits 6 · References 1 · Affected Software 10

Positive Technologies
added 2012/06/12 12:0 a.m. · 3 views

PT-2012-3601 · Microsoft · Lync +4

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 8 through 9 Microsoft Communicator version 2007 R2 Microsoft Lync versions 2010 through 2010 Attendee Description: The toStaticHTML API, also known as the SafeHTML component, does not properly handle event...

4.3 CVSS · 5.3 AI score · 0.3827 EPSS
Exploits 6 · References 13

CISA
added 2012/06/07 12:0 a.m. · 31 views

Microsoft Releases June Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, and Dynamics AX as part of the Microsoft Security Bulletin Summary for June 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated...

7.2 CVSS · 3.5 AI score · 0.88004 EPSS
Exploits 6 · References 3

Symantec
added 2012/05/08 12:0 a.m. · 44 views

Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability that affects the TrueType Font engine. An attacker can exploit this issue through the Windows Kernel-Mode drivers to execute arbitrary code in kernel mode. The attacker can also exploit this issue through Microsoft...

9.3 CVSS · 6.9 AI score · 0.64643 EPSS
Exploits 1 · Affected Software 18

Microsoft KB
added 2012/05/04 3:49 a.m. · 17 views

Description of the update for Lync 2010: March 2012

Describes the issues that are fixed in the March 2012 update for Lync 2010. Summary: This article describes the update for Microsoft Lync 2010 that is dated March 2012. This article describes the following items about the update package: The issues that the update package fixes. The prerequisites for...

6.5 AI score
Exploits 0