Microsoft Skype for Business Server and Microsoft Lync Information Dislcosure Vulnerability

Last Update Date: 11 Nov 2015 16:51 Release Date: 11 Nov 2015 3407 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Im, Chat & Voip

TYPE: Im, Chat & Voip

An information disclosure vulnerability exists when Skype for Business and Microsoft Lync clients improperly sanitize specially crafted content. An attacker who successfully exploited the vulnerability could execute HTML and JavaScript content in the Skype for Business or Lync context. The attacker could use this vulnerability to open a webpage using the default browser, open another messaging session with a third party, or potentially trigger URIs that are defined by other applications on the client's system.

Impact

  • Information Disclosure

System / Technologies affected

  • Microsoft Skype for Business 2016
  • Microsoft Lync 2013
  • Microsoft Lync 2010
  • Microsoft Lync Room System

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Kerberos Security Feature Bypass Vulnerability

11 Nov 2015 3525 Views

Next

Google Chrome Multiple vulnerabilities

12 Nov 2015 3323 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY