The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Live Communications Server

computer vulnerability alert CVE-2017-11934 CVE-2017-11935 CVE-2017-11936

Microsoft Office: vulnerabilities of December 2017

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Microsoft products.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-AVI-466, CVE-2017-11934, CVE-2017-11935, CVE-2017-11936, CVE-2017-11939, VIGILANCE-VUL-24756.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.

vulnerability CVE-2016-7193

Microsoft Office: memory corruption via RTF

Synthesis of the vulnerability

An attacker can trigger a memory corruption in Microsoft Office via an RTF document, in order to cause a denial of service, and possibly to run code.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3194063, CERTFR-2016-AVI-339, CVE-2016-7193, MS16-121, VIGILANCE-VUL-20830.

Description of the vulnerability

The Microsoft Office product can open documents in RTF format.

However, a malicious RTF document can corrupt the memory of Microsoft Office.

An attacker can therefore trigger a memory corruption in Microsoft Office via an RTF document, in order to cause a denial of service, and possibly to run code.

computer vulnerability announce CVE-2008-5180

Microsoft OCS: denial of service via SIP

Synthesis of the vulnerability

An attacker can send SIP INVITE requests in order to cause a denial of service in Microsoft Office Communications Server.
Impacted products: Microsoft OCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 02/12/2008.
Identifiers: CVE-2008-5180, VIGILANCE-VUL-8277.

Description of the vulnerability

The Microsoft Office Communications Server product implements SIP (Session Initiation Protocol), which is used for multimedia exchanges. This protocol defines the following requests:
 - INVITE: the client requests a new session
 - ACK: the server acknowledges
 - BYE: ends a session
 - etc.

When MOCS receives a special SIP INVITE request, it does not free the associated memory.

An attacker can therefore send numerous requests in order to progressively exhaust the memory.