The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Lync

vulnerability announce CVE-2017-11786

Microsoft Lync 2013, Skype: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Microsoft Lync 2013 or Skype, in order to escalate his privileges.
Severity: 2/4.
Creation date: 11/10/2017.
Identifiers: CERTFR-2017-AVI-346, CVE-2017-11786, VIGILANCE-VUL-24090.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions of Microsoft Lync 2013 or Skype, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2017-8676 CVE-2017-8695 CVE-2017-8696

Microsoft Lync/Skype: vulnerabilities of September 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 13/09/2017.
Identifiers: CERTFR-2017-AVI-297, CVE-2017-8676, CVE-2017-8695, CVE-2017-8696, VIGILANCE-VUL-23825.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2017-0283 CVE-2017-8527

Microsoft Lync: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Lync.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/06/2017.
Identifiers: CERTFR-2017-AVI-176, CVE-2017-0283, CVE-2017-8527, VIGILANCE-VUL-22966.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft Lync.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2017-0060 CVE-2017-0073 CVE-2017-0108

Microsoft Lync: vulnerabilities of March 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 14/03/2017.
Identifiers: 4013241, CVE-2017-0060, CVE-2017-0073, CVE-2017-0108, CVE-2017-0129, MS17-014, VIGILANCE-VUL-22128.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2016-3209 CVE-2016-3262 CVE-2016-3263

Windows, .NET, Office, Skype, Lync, Silverlight: seven vulnerabilities via Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/10/2016.
Identifiers: 3192884, 825, 829, 864, 868, CERTFR-2016-AVI-340, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393, CVE-2016-3396, CVE-2016-7182, MS16-120, VIGILANCE-VUL-20829.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3393]

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3396]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3209]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3262]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3263]

An attacker can bypass security features via True Type Font, in order to escalate his privileges. [severity:2/4; CVE-2016-7182]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3270]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0143 CVE-2016-0145 CVE-2016-0165

Windows, .NET, Office, Skype, Lync: four vulnerabilities of Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Graphics Component of Windows, .NET, Office, Skype, Lync.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/04/2016.
Identifiers: 3148522, 684, 707, CERTFR-2016-AVI-122, CERTFR-2016-AVI-123, CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167, MS16-039, VIGILANCE-VUL-19354.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync.

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0143]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0145]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0165]

An attacker can bypass security features in Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-0167]
Full Vigil@nce bulletin... (Free trial)

weakness announce 18524

Excel: use after free via XLSB

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XLSB file, to force the usage of a freed memory area in Excel, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 15/12/2015.
Identifiers: 3104540, MS15-116, VIGILANCE-VUL-18524, ZDI-15-639.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Excel product supports binary files with the ".xlsb" extension.

However, if the file is malformed, Excel frees a memory area before reusing it.

An attacker can therefore invite the victim to open a malicious XLSB file, to force the usage of a freed memory area in Excel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2015-6106 CVE-2015-6107 CVE-2015-6108

Windows, .NET, Office, Skype, Lync, Silverlight: three vulnerabilities of Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/12/2015.
Identifiers: 3104503, CERTFR-2015-AVI-524, CVE-2015-6106, CVE-2015-6107, CVE-2015-6108, MS15-128, VIGILANCE-VUL-18471.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6106]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6107]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6108]
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2015-6061

Microsoft Lync, Skype for Business: information disclosure

Synthesis of the vulnerability

An attacker can inject JavaScript code in Microsoft Lync or Skype for Business, in order read information of a web site.
Severity: 2/4.
Creation date: 10/11/2015.
Identifiers: 3105872, CERTFR-2015-AVI-480, CVE-2015-6061, MS15-123, VIGILANCE-VUL-18288.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Microsoft Lync or Skype for Business product offers an instant message service.

However, an instant message containing JavaScript code is directly interpreted, and can read data of private web services.

An attacker can therefore inject JavaScript code in Microsoft Lync or Skype for Business, in order read information of a web site.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2015-2503 CVE-2015-6038 CVE-2015-6091

Microsoft Office, Lync: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 10/11/2015.
Identifiers: 3104540, CERTFR-2015-AVI-473, CVE-2015-2503, CVE-2015-6038, CVE-2015-6091, CVE-2015-6092, CVE-2015-6093, CVE-2015-6094, CVE-2015-6123, MS15-116, VIGILANCE-VUL-18281, ZDI-15-539, ZDI-15-543, ZDI-15-546.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6038, ZDI-15-543]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6091]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6092]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6093, ZDI-15-539]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6094, ZDI-15-546]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-2503]

An attacker can deceive the user, in order to redirect him to a malicious site. [severity:1/4; CVE-2015-6123]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft Lync: