<< Back
CVE Number Vulnerability Product Severity Date
MS14-032 Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258) Microsoft Lync Important 11-06-2014

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Lync Server. The vulnerability could allow information disclosure if a user tries to join a Lync meeting by clicking a specially crafted meeting URL.
Detailed Information on the risk:

An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the userÆs browser to obtain information from web sessions.

Further information on this exploit is available at : MS14-032

Affected Software

Microsoft Lync Server 2010
Microsoft Lync Server 2013