7 matches found
CVE-2012-1858
CVE-2012-1858 concerns the toStaticHTML (SafeHTML) sanitization function used in Internet Explorer 8/9, SharePoint, and Lync/Communicator. The vulnerability arises because the HTML sanitization logic can be bypassed via crafted HTML/CSS, enabling cross-site scripting (XSS) or information disclosu...
CVE-2013-1302
The CVE-2013-1302 issue affects Microsoft Lync-related clients and servers (Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, Lync Server 2013). It is a use-after-free in which Lync components fail to handle memory objects that have been deleted, enabling remote code execution when a user is i...
CVE-2012-2520
CVE-2012-2520 is a cross-site scripting vulnerability in Microsoft’s HTML sanitization component affecting multiple products (InfoPath 2007/2010, Communicator/Lync 2010, SharePoint Server/Foundation, Groove Server, Office Web Apps). The issue arises from improper input filtering in the HTML sanit...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...
CVE-2008-5180
Microsoft Communicator and the Communicator component in Office 2010 beta are affected by CVE-2008-5180. The vulnerability allows remote attackers to cause a denial of service (memory consumption) by sending a large number of SIP INVITE requests, which triggers the creation of many sessions. The ...
CVE-2008-5181
CVE-2008-5181 affects Microsoft Communicator. It enables remote attackers to cause a denial of service (application or device outage) by sending instant messages containing large numbers of emoticons. The vulnerability is network-exposed, requires no authentication, and results in partial loss of...
CVE-2008-5179
The CVE-2008-5179 entry describes an unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger that enables remote attackers to trigger a denial-of-service (crash) by sending a crafted RTCP receiver report packet. The vulnerability ...