Skip to main content

Lync

41 CVEs product

Monthly

CVE-2020-1025 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Lync Sharepoint Enterprise Server Sharepoint Foundation +2
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2019-1209 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Lync
NVD
CVSS 3.1
6.5
EPSS
6.2%
CVE-2019-1084 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Exchange Server Lync Lync Basic +6
NVD
CVSS 3.0
6.5
EPSS
5.3%
CVE-2018-8546 MEDIUM PATCH This Month

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Denial Of Service Lync Lync Basic Office +3
NVD
CVSS 3.0
5.9
EPSS
5.5%
CVE-2018-8311 HIGH This Week

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Lync Skype For Business
NVD
CVSS 3.0
8.8
EPSS
16.6%
CVE-2018-8238 HIGH PATCH This Week

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Lync Skype For Business
NVD
CVSS 3.0
7.8
EPSS
5.5%
CVE-2017-11786 HIGH PATCH Act Now

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5%.

Microsoft Information Disclosure Lync Skype For Business
NVD
CVSS 3.0
8.8
EPSS
11.5%
CVE-2017-8696 HIGH PATCH Act Now

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.5%.

Buffer Overflow RCE Microsoft Live Meeting Lync +7
NVD
CVSS 3.0
7.5
EPSS
21.5%
CVE-2017-8695 MEDIUM PATCH This Month

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016;. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 25.7%.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD
CVSS 3.0
5.3
EPSS
25.7%
CVE-2017-8676 LOW PATCH Monitor

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD
CVSS 3.0
3.3
EPSS
7.6%
CVE-2017-8527 HIGH PATCH Act Now

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.8%.

Buffer Overflow RCE Microsoft Lync Office +9
NVD
CVSS 3.0
8.8
EPSS
28.8%
CVE-2017-0283 HIGH POC PATCH THREAT Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

RCE Microsoft Lync Office Office Word Viewer +8
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
56.0%
Threat
4.9
CVE-2017-0108 HIGH POC PATCH THREAT Act Now

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Buffer Overflow RCE Microsoft Live Meeting Lync +7
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
36.7%
Threat
4.2
CVE-2017-0073 MEDIUM PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD
CVSS 3.1
4.3
EPSS
9.2%
CVE-2017-0060 MEDIUM POC PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.3%
CVE-2016-7182 CRITICAL POC THREAT Emergency

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Live Meeting Lync Office +9
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
41.5%
Threat
4.7
CVE-2016-3396 HIGH Act Now

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4% and no vendor patch available.

RCE Privilege Escalation Microsoft Live Meeting Lync +10
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2016-3263 MEDIUM This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Information Disclosure Microsoft Live Meeting Lync Office +9
NVD
CVSS 3.0
5.5
EPSS
19.1%
CVE-2016-3262 MEDIUM This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Information Disclosure Microsoft Live Meeting Lync Office +9
NVD
CVSS 3.0
5.5
EPSS
19.1%
CVE-2016-3209 MEDIUM POC THREAT This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Information Disclosure Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
19.2%
CVE-2016-3304 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting Lync Office +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.0%
Threat
4.6
CVE-2016-3303 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting Lync Office +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.0%
Threat
4.6
CVE-2016-3301 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

RCE Microsoft Live Meeting Lync Office +9
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.6%
Threat
4.7
CVE-2016-0145 HIGH POC THREAT Act Now

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.8%.

RCE Buffer Overflow Microsoft Net Framework Live Meeting +11
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
74.8%
Threat
5.5
CVE-2015-6108 CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4%.

RCE Buffer Overflow Microsoft Live Meeting Lync +13
NVD
CVSS 2.0
9.3
EPSS
44.4%
CVE-2015-6107 CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 49.4%.

RCE Buffer Overflow Microsoft Live Meeting Lync +12
NVD
CVSS 2.0
9.3
EPSS
49.4%
CVE-2015-6106 CRITICAL Emergency

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.8% and no vendor patch available.

RCE Buffer Overflow Microsoft Live Meeting Lync +5
NVD
CVSS 2.0
9.3
EPSS
44.8%
CVE-2015-6061 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.2% and no vendor patch available.

XSS Information Disclosure Microsoft Lync Lync Room System +1
NVD
CVSS 2.0
4.3
EPSS
14.2%
CVE-2015-2503 CRITICAL Act Now

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.5% and no vendor patch available.

Privilege Escalation Microsoft Access Excel Infopath +11
NVD
CVSS 2.0
9.3
EPSS
15.5%
CVE-2015-2510 CRITICAL POC THREAT Emergency

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 70.6%.

Adobe Buffer Overflow RCE Microsoft Live Meeting Console +4
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
70.6%
Threat
5.5
CVE-2015-2464 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.1%.

RCE Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
48.1%
Threat
4.8
CVE-2015-2463 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

RCE Microsoft Net Framework Live Meeting Lync +11
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
38.6%
Threat
4.5
CVE-2015-2456 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
41.5%
Threat
4.6
CVE-2015-2455 CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.2%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
53.2%
Threat
5.0
CVE-2015-2435 CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 30.2%.

RCE Microsoft Net Framework Live Meeting Lync +12
NVD
CVSS 2.0
9.3
EPSS
30.2%
CVE-2015-2431 CRITICAL POC THREAT Emergency

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.7%.

RCE Microsoft Live Meeting Lync Lync Basic +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
64.7%
Threat
5.3
CVE-2013-3129 HIGH Act Now

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 51.7% and no vendor patch available.

Code Injection Microsoft RCE Net Framework Lync +12
NVD
CVSS 3.1
7.8
EPSS
51.7%
CVE-2013-1302 CRITICAL Emergency

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4% and no vendor patch available.

Buffer Overflow Microsoft RCE Lync Lync Server +1
NVD
CVSS 2.0
9.3
EPSS
44.4%
CVE-2012-2520 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Microsoft XSS Groove Server Infopath Lync +5
NVD
CVSS 2.0
4.3
EPSS
24.2%
CVE-2012-1858 MEDIUM POC THREAT This Month

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.4%.

Information Disclosure Microsoft XSS Lync Office Communicator +1
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
41.4%
CVE-2012-1849 CRITICAL Emergency

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.0% and no vendor patch available.

Information Disclosure Microsoft Lync
NVD
CVSS 2.0
9.3
EPSS
50.0%
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Lync +4
NVD
EPSS 6% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Lync
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Exchange Server +8
NVD
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Denial Of Service Lync +5
NVD
EPSS 17% CVSS 8.8
HIGH This Week

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Lync +1
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Lync +1
NVD
EPSS 11% CVSS 8.8
HIGH PATCH Act Now

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5%.

Microsoft Information Disclosure Lync +1
NVD
EPSS 21% CVSS 7.5
HIGH PATCH Act Now

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.5%.

Buffer Overflow RCE Microsoft +9
NVD
EPSS 26% CVSS 5.3
MEDIUM PATCH This Month

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016;. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 25.7%.

Microsoft Information Disclosure Live Meeting +13
NVD
EPSS 8% CVSS 3.3
LOW PATCH Monitor

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting +13
NVD
EPSS 29% CVSS 8.8
HIGH PATCH Act Now

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.8%.

Buffer Overflow RCE Microsoft +11
NVD
EPSS 56% 4.9 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

RCE Microsoft Lync +10
NVD Exploit-DB
EPSS 37% 4.2 CVSS 7.8
HIGH POC PATCH THREAT Act Now

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Buffer Overflow RCE Microsoft +9
NVD Exploit-DB
EPSS 9% CVSS 4.3
MEDIUM PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting +13
NVD
EPSS 3% CVSS 5.5
MEDIUM POC PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Live Meeting +13
NVD Exploit-DB
EPSS 41% 4.7 CVSS 9.8
CRITICAL POC THREAT Emergency

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Live Meeting +11
NVD Exploit-DB
EPSS 32% CVSS 7.8
HIGH Act Now

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4% and no vendor patch available.

RCE Privilege Escalation Microsoft +12
NVD
EPSS 19% CVSS 5.5
MEDIUM This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Information Disclosure Microsoft Live Meeting +11
NVD
EPSS 19% CVSS 5.5
MEDIUM This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Information Disclosure Microsoft Live Meeting +11
NVD
EPSS 19% CVSS 5.5
MEDIUM POC THREAT This Month

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Information Disclosure Microsoft Net Framework +13
NVD Exploit-DB
EPSS 53% 4.6 CVSS 7.8
HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting +7
NVD Exploit-DB
EPSS 53% 4.6 CVSS 7.8
HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting +7
NVD Exploit-DB
EPSS 54% 4.7 CVSS 7.8
HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

RCE Microsoft Live Meeting +11
NVD Exploit-DB
EPSS 75% 5.5 CVSS 8.8
HIGH POC THREAT Act Now

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.8%.

RCE Buffer Overflow Microsoft +13
NVD Exploit-DB
EPSS 44% CVSS 9.3
CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4%.

RCE Buffer Overflow Microsoft +15
NVD
EPSS 49% CVSS 9.3
CRITICAL PATCH Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 49.4%.

RCE Buffer Overflow Microsoft +14
NVD
EPSS 45% CVSS 9.3
CRITICAL Emergency

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.8% and no vendor patch available.

RCE Buffer Overflow Microsoft +7
NVD
EPSS 14% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.2% and no vendor patch available.

XSS Information Disclosure Microsoft +3
NVD
EPSS 15% CVSS 9.3
CRITICAL Act Now

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.5% and no vendor patch available.

Privilege Escalation Microsoft Access +13
NVD
EPSS 71% 5.5 CVSS 9.3
CRITICAL POC THREAT Emergency

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 70.6%.

Adobe Buffer Overflow RCE +6
NVD Exploit-DB
EPSS 48% 4.8 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.1%.

RCE Microsoft Net Framework +13
NVD Exploit-DB
EPSS 39% 4.5 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

RCE Microsoft Net Framework +13
NVD Exploit-DB
EPSS 42% 4.6 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.5%.

RCE Microsoft Net Framework +14
NVD Exploit-DB
EPSS 53% 5.0 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.2%.

RCE Microsoft Net Framework +14
NVD Exploit-DB
EPSS 30% CVSS 9.3
CRITICAL PATCH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 30.2%.

RCE Microsoft Net Framework +14
NVD
EPSS 65% 5.3 CVSS 9.3
CRITICAL POC THREAT Emergency

Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.7%.

RCE Microsoft Live Meeting +3
NVD Exploit-DB
EPSS 52% CVSS 7.8
HIGH Act Now

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 51.7% and no vendor patch available.

Code Injection Microsoft RCE +14
NVD
EPSS 44% CVSS 9.3
CRITICAL Emergency

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4% and no vendor patch available.

Buffer Overflow Microsoft RCE +3
NVD
EPSS 24% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Microsoft XSS Groove Server +7
NVD
EPSS 41% CVSS 4.3
MEDIUM POC THREAT This Month

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.4%.

Information Disclosure Microsoft XSS +3
NVD Exploit-DB
EPSS 50% CVSS 9.3
CRITICAL Emergency

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.0% and no vendor patch available.

Information Disclosure Microsoft Lync
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy