Lucene search
RootSSV:60209HistoryJun 13, 2012 - 12:00 a.m.
Microsoft Lync/Office Communicator HTML代码过滤漏洞 (CVE-2012-1858) (MS12-039)
2012-06-1300:00:00
Root
www.seebug.org
17
0.969 High
EPSS
Percentile
99.6%
CVE ID: CVE-2012-1858
Microsoft Lync 新一代企业整合沟通平台(前身为 Communications Server),提供了一种全新的、直观的用户体验,跨越 PC、Web、手机等其他移动设备,将不同的沟通方式集成到一个平台之中。
Microsoft Lync HTML过滤时存在信息泄露漏洞,可允许攻击者执行XSS攻击和运行脚本。
0
Microsoft Lync 2010
Microsoft Office Communicator 2007
临时解决方法:
如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁:
-
禁止从WebDAV和远程网络共享加载库。
-
在防火墙阻止TCP端口139和445
厂商补丁:
Microsoft
Microsoft已经为此发布了一个安全公告(MS12-039)以及相应补丁:
MS12-039:Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
链接:http://www.microsoft.com/technet/security/bulletin/MS12-039 .asp
Related
checkpoint_advisories
checkpoint_advisories
exploitpack
exploitpack
cve
cve
CVE-2012-1858
2012-06-12 22:55:00
seebug
seebug
IE9, SharePoint, Lync toStaticHTML HTML Sanitizing Bypass
2014-07-01 00:00:00
prion
prion
Cross site scripting
2012-06-12 22:55:00
packetstorm
packetstorm
toStaticHTML HTML Sanitizing Bypass
2012-07-11 00:00:00
symantec
symantec
exploitdb
exploitdb
openvas
openvas
Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
2012-06-13 00:00:00
Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
2012-06-13 00:00:00
Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)
2012-07-11 00:00:00
securityvulns
securityvulns
Mictosoft Lync multiple security vulnerabilities
2012-06-13 00:00:00
Microsoft Sharepoint multiple security vulnerabilities
2012-07-11 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2012-06-25 00:00:00
nessus
nessus
mskb
mskb