Lucene search
K
MicrosoftSkype For Business

33 matches found

CVE
CVE
added 2020/07/14 10:53 p.m.546 views

CVE-2020-1025

CVE-2020-1025 affects Microsoft SharePoint Server and Skype for Business Server. The vulnerability is an elevation of privilege caused by improper OAuth token validation, enabling an attacker to bypass authentication by modifying the token. The published fixes modify how tokens are validated to a...

9.8CVSS8.1AI score0.05853EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.385 views

CVE-2024-20673

CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...

7.8CVSS7.7AI score0.01177EPSS
CVE
CVE
added 2022/07/12 10:37 p.m.349 views

CVE-2022-33633

CVE-2022-33633 affects Microsoft Skype for Business Server and Microsoft Lync Server (remote code execution). Connected sources reference an input-validation related RCE in Skype/Lync Server components and note affected products include Skype for Business Server 2019 CU6, Server 2015 CU12, and Ly...

7.2CVSS7.4AI score0.02204EPSS
CVE
CVE
added 2019/01/17 6:0 p.m.322 views

CVE-2019-0624

CVE-2019-0624 affects Skype for Business Server 2015 CU8 (Lync/Skype for Business). The vulnerability is a spoofing flaw where a specially crafted web request is not properly sanitized, enabling an authenticated attacker to cause cross-site scripting by luring a user to click a crafted URL. Impac...

5.4CVSS5.3AI score0.01461EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.310 views

CVE-2017-0281

CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...

9.3CVSS8.1AI score0.80734EPSS
In wild
CVE
CVE
added 2019/07/15 6:56 p.m.275 views

CVE-2019-1084

CVE-2019-1084 affects Microsoft Exchange (display name creation with non-printable characters) leading to information disclosure. Root cause: display names with invalid characters bypass visibility controls and can be added to conversations; impact is partial confidentiality exposure per CVSS dat...

6.5CVSS5.3AI score0.05328EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.222 views

CVE-2016-7182

CVE-2016-7182 is a true‑type font parsing elevation of privilege vulnerability in the Windows Graphics component. The flaw affects multiple Windows OS versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7/8.1/10, Windows Server 2012 R2, Windows RT 8.1, Office 2007/2010, Word Viewer, Skype for Bu...

10CVSS8.7AI score0.30323EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.212 views

CVE-2015-6108

CVE-2015-6108 affects the Windows font library across multiple Windows OS versions (Vista through Windows 8.1/Server 2012) and related Microsoft products, where a crafted embedded font can trigger remote code execution. The vulnerability is described as a memory corruption issue in handling embed...

9.3CVSS7.4AI score0.25998EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.167 views

CVE-2017-0108

CVE-2017-0108 is a remote-code-execution vulnerability in the Windows Graphics Component, exploited via untrusted fonts processed by Uniscribe (usp10.dll) and exposed through graphics-related API calls invoked by user32/draw text paths. Google Project Zero’s Uniscribe fuzzing identified 8 high‑se...

9.3CVSS7AI score0.5047EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.165 views

CVE-2017-0283

CVE-2017-0283 is described in the connected MSKB as a remote code execution vulnerability in Microsoft Office components that could be triggered by opening a specially crafted Office file. The MSKB describes a security update KB3191937 for Skype for Business 2015 (Lync 2013) that addresses CVE-20...

9.3CVSS6.4AI score0.39019EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.157 views

CVE-2017-8527

Technical details for CVE-2017-8527 are not publicly available in the provided documents. No specifics on affected products, vulnerable components, root cause, exploits, or fixes are included here. Monitor for updates from official advisories.

9.3CVSS6AI score0.19023EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.157 views

CVE-2017-8695

CVE-2017-8695 is an information-disclosure vulnerability in Windows Uniscribe where Microsoft’s Graphics Component can leak memory contents when handling objects, exploitable via a specially crafted document or an untrusted webpage. Affected products span Windows versions from Windows Server 2008...

5.3CVSS6AI score0.09643EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.144 views

CVE-2017-0073

Technical details for CVE-2017-0073 are not publicly available in the provided connected documents. The records summarize the vulnerability, but no product/version specifics or exploit information are shown. Monitor for updates from official sources.

4.3CVSS4.3AI score0.33359EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.142 views

CVE-2017-0060

The CVE-2017-0060/0062 issue affects the Graphics Device Interface (GDI) in multiple Windows releases (Vista through Windows 10 variants listed in the initial entry). The vulnerability enables a remote attacker to obtain sensitive information from process memory by visiting a crafted web site, i....

5.5CVSS4.3AI score0.15939EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.141 views

CVE-2016-0145

CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...

9.3CVSS7.7AI score0.43272EPSS
CVE
CVE
added 2018/07/11 12:0 a.m.139 views

CVE-2018-8238

Summary of CVE-2018-8238 (Skype for Business/Lync Security Feature Bypass) : The issue arises when Skype for Business or Lync fail to properly parse UNC path links shared via messages, enabling a security feature bypass. An attacker could exploit this by persuading a logged-in user to click a cra...

9.3CVSS8.1AI score0.05456EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.135 views

CVE-2016-3304

CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.131 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.130 views

CVE-2016-3209

CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...

5.5CVSS6AI score0.53653EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.130 views

CVE-2017-8676

CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...

3.3CVSS4.9AI score0.1404EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.120 views

CVE-2017-8696

CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...

7.6CVSS7AI score0.14264EPSS
CVE
CVE
added 2015/11/11 11:0 a.m.114 views

CVE-2015-2503

CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...

9.3CVSS6.8AI score0.1684EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.113 views

CVE-2016-3303

CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.107 views

CVE-2016-3396

CVE-2016-3396 is a GDI+ remote code execution in Graphics Device Interface (GDI) that allows a remote attacker to execute arbitrary code via a crafted embedded font. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R...

9.3CVSS8.9AI score0.24376EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.104 views

CVE-2018-8546

CVE-2018-8546 is a denial-of-service vulnerability in Skype for Business (also affecting Lync) caused by improper handling of emojis. An attacker could trigger a DoS by sending a sequence of emojis, causing the target service to stop responding. Microsoft’s MSRC advisory notes the fix addresses e...

5.9CVSS6.1AI score0.0546EPSS
CVE
CVE
added 2018/07/11 12:0 a.m.100 views

CVE-2018-8311

CVE-2018-8311 is a remote code execution vulnerability in Skype for Business and Lync caused by improper sanitization of crafted content. The issue could allow code execution in the context of the logged-in user, via remote, user-initiated action (e.g., viewing crafted content or links). Affected...

8.8CVSS8.8AI score0.1662EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.99 views

CVE-2016-3263

CVE-2016-3263 concerns a GDI+/Graphics Device Interface information-disclosure issue across multiple Windows platforms (Vista SP2 through Windows 10 1607, Windows Server equivalents) that allows remote attackers to bypass ASLR via unspecified vectors. Affected components are GDI/GDI+ in Windows a...

5.5CVSS6AI score0.31976EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.97 views

CVE-2015-6107

CVE-2015-6107 concerns a remote-code-execution vulnerability in the Windows font library. The issue arises when parsing specially crafted embedded fonts, enabling arbitrary code execution on affected systems. Public references indicate this affects a broad set of Windows versions (Vista through W...

9.3CVSS7.5AI score0.18247EPSS
CVE
CVE
added 2019/12/10 9:41 p.m.97 views

CVE-2019-1490

CVE-2019-1490 affects Skype for Business Server; the root cause is improper sanitization of specially crafted requests, enabling cross-site scripting and spoofed UI when a user visits a crafted URL. An authenticated attacker can exploit by sending such a request; exploitation typically requires u...

5.4CVSS5.5AI score0.01432EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.91 views

CVE-2017-11786

CVE-2017-11786 affects Microsoft Lync 2013 SP1 and Skype for Business 2016. Root cause: improper handling of authentication requests, enabling an attacker to steal an authentication hash and reuse it elsewhere. Impact: privilege escalation and potential unauthorized actions by the attacker using ...

9.3CVSS8.2AI score0.09392EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.88 views

CVE-2016-3262

CVE-2016-3262 and CVE-2016-3263 describe a Graphics Device Interface (GDI+/GDI) information-disclosure problem in multiple Windows versions. The description specifies that remote attackers can bypass ASLR through unspecified vectors. Affected products include Windows Vista SP2, Windows Server 200...

5.5CVSS6AI score0.31976EPSS
CVE
CVE
added 2015/11/11 11:0 a.m.76 views

CVE-2015-6061

CVE-2015-6061 is an XSS/info-disclosure flaw in Microsoft Skype for Business 2016, Lync 2010/2013 SP1, Lync 2010 Attendee, and Lync Room System caused by improper sanitization of instant-message content. A remote attacker can inject arbitrary web script/HTML via an IM session, potentially leaking...

4.3CVSS5.5AI score0.12811EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.76 views

CVE-2015-6106

CVE-2015-6106 affects the Windows font library across multiple Windows/Vista/Server and Office/Skype/Lync versions. The vulnerability is a memory corruption issue triggered by specially crafted embedded fonts, enabling remote code execution with the attacker-controlled font data. Connected source...

9.3CVSS7.5AI score0.17321EPSS