Skip to main content

Office Communicator

3 CVEs product

Monthly

CVE-2013-1302 CRITICAL Emergency

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4% and no vendor patch available.

Buffer Overflow Microsoft RCE Lync Lync Server +1
NVD
CVSS 2.0
9.3
EPSS
44.4%
CVE-2012-2520 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Microsoft XSS Groove Server Infopath Lync +5
NVD
CVSS 2.0
4.3
EPSS
24.2%
CVE-2012-1858 MEDIUM POC THREAT This Month

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.4%.

Information Disclosure Microsoft XSS Lync Office Communicator +1
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
41.4%
EPSS 44% CVSS 9.3
CRITICAL Emergency

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4% and no vendor patch available.

Buffer Overflow Microsoft RCE +3
NVD
EPSS 24% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Microsoft XSS Groove Server +7
NVD
EPSS 41% CVSS 4.3
MEDIUM POC THREAT This Month

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 41.4%.

Information Disclosure Microsoft XSS +3
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy