Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Lync multiple security vulnerabilities
Published:15.09.2014
Source:
SecurityVulns ID:13960
Type:remote
Threat Level:
5/10
Description:Information disclosure, DoS.
Affected:MICROSOFT : Lync Server 2010
 MICROSOFT : Lync Server 2013
CVE:CVE-2014-4071 (The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability.")
 CVE-2014-4070 (Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability.")
 CVE-2014-4068 (The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability.")
Files: Microsoft Security Bulletin MS14-055 - Important Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod