Server input validation information disclosure vulnerability in Microsoft Lync and skype for business - CVE-2015-6061ID: oval:org.secpod.oval:def:31014 | Date: (C)2015-11-13 (M)2024-05-03 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013 or Microsoft Lync 2010 Attendee and is prone to a server input validation information disclosure vulnerability. A flaw is present in the application, which improperly sanitizes specially crafted content. Successful exploitation could allow attackers to execute HTML and JavaScript content.
Platform: |
Microsoft Windows Vista |
Microsoft Windows Server 2008 |
Microsoft Windows 7 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8 |
Microsoft Windows Server 2003 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2012 R2 |
Product: |
Microsoft Lync 2010 |
Microsoft Lync Basic 2013 |
Microsoft Lync 2010 Attendee |
Microsoft Skype For Business 2016 |
Microsoft Skype For Business Basic 2016 |