Microsoft Lync and Skype for Business Security Bypass (MS15-123: CVE-2015-6061)

A security bypass vulnerability exists in Skype for Business and Lync Servers. The vulnerability is due to improper sanitizing of specially crafted content. A remote attacker could trigger this flaw by convincing a victim to open an instant message session and then send that user a message...

Microsoft Lync Attendee Remote Code Execution Vulnerabilities (3104503)

This host is missing a critical security update according to Microsoft Bulletin MS15-128. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2015-6061

Cross-site scripting XSS vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure...

MS15-123: Security update for Skype for Business and Lync to address information disclosure: November 10, 2015

Resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a user to an instant message session and then sends that user a message that contains specially crafted JavaScript content.SummaryThis security update...