SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Instant Messaging/IRC/Chat)  >   Microsoft Skype for Business Vendors:   Microsoft
Microsoft Skype for Business Input Validation Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1034126
SecurityTracker URL:  http://securitytracker.com/id/1034126
CVE Reference:   CVE-2015-6061   (Links to External Site)
Date:  Nov 10 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2016
Description:   A vulnerability was reported in Microsoft Skype for Business. A remote user can obtain potentially sensitive information on the target system.

A remote user can send a message containing specially crafted JavaScript that, when received by the connected target instant message user, will execute the script on the target user's system. The script will run in the context of the Skype for Business application and can open web pages, open other messaging sessions, or load URIs on the target user's system to obtain potentially sensitive information.

Impact:   A remote user can obtain potentially sensitive information on the target system.
Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor's advisory.

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-123

Vendor URL:  technet.microsoft.com/library/security/ms15-123 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (2008), Windows (2012)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC