|MS14-032||Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)||Microsoft Lync||Important||11-06-2014|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Lync Server. The vulnerability could allow information disclosure if a user tries to join a Lync meeting by clicking a specially crafted meeting URL.
Detailed Information on the risk:
An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the userÆs browser to obtain information from web sessions.
Further information on this exploit is available at : MS14-032
Affected SoftwareMicrosoft Lync Server 2010
Microsoft Lync Server 2013