Category:   Application (Instant Messaging/IRC/Chat)  >   Microsoft Lync
Vendors:   Microsoft
Microsoft Lync Input Validation Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1034127
SecurityTracker URL:
CVE Reference:   CVE-2015-6061
Date:  Nov 10 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2010, 2013; Lync Room System
Description:   A vulnerability was reported in Microsoft Lync. A remote user can obtain potentially sensitive information on the target system.

A remote user can send a message containing specially crafted JavaScript. When the connected target instant messaging user receives the message, the script executes on the target user's system. The script runs in the context of the Lync application and can open web pages, open other messaging sessions, or load URIs on the target user's system to obtain potentially sensitive information.

Impact:   A remote user can obtain potentially sensitive information on the target system.
Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor's advisory.

The Microsoft advisory is available at:

Vendor URL:
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]
