RETIRED: Microsoft Lync CVE-2012-1858 HTML Sanitizing Information Disclosure Vulnerability
BID:53833
Info
RETIRED: Microsoft Lync CVE-2012-1858 HTML Sanitizing Information Disclosure Vulnerability
| Bugtraq ID: | 53833 |
| Class: | Design Error |
| CVE: |
CVE-2012-1858 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 12 2012 12:00AM |
| Updated: | Jul 06 2012 07:20AM |
| Credit: | Adi Cohen of IBM Security Systems |
| Vulnerable: |
Microsoft Office Communicator 2007 R2 Microsoft Lync 2010 Attendee 0 Microsoft Lync 2010 0 |
| Not Vulnerable: | |
Discussion
RETIRED: Microsoft Lync CVE-2012-1858 HTML Sanitizing Information Disclosure Vulnerability
Microsoft Lync is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
Microsoft Lync is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
Exploit / POC
RETIRED: Microsoft Lync CVE-2012-1858 HTML Sanitizing Information Disclosure Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
Solution / Fix
RETIRED: Microsoft Lync CVE-2012-1858 HTML Sanitizing Information Disclosure Vulnerability
Solution:
Vendor updates are available. Please see the references for details.
Solution:
Vendor updates are available. Please see the references for details.
References
RETIRED: Microsoft Lync CVE-2012-1858 HTML Sanitizing Information Disclosure Vulnerability
References:
References:
- Microsoft Homepage (Microsoft)