The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft OCS

vulnerability CVE-2016-7193

Microsoft Office: memory corruption via RTF

Synthesis of the vulnerability

An attacker can generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3194063, CERTFR-2016-AVI-339, CVE-2016-7193, MS16-121, VIGILANCE-VUL-20830.

Description of the vulnerability

The Microsoft Office product can open documents in RTF format.

However, a malicious document corrupts the Microsoft Office memory.

An attacker can therefore generate a memory corruption via RTF of Microsoft Office, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2008-5180

Microsoft OCS: denial of service via SIP

Synthesis of the vulnerability

An attacker can send SIP INVITE queries in order to create a denial of service in Microsoft Office Communications Server.
Impacted products: Microsoft OCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 02/12/2008.
Identifiers: CVE-2008-5180, VIGILANCE-VUL-8277.

Description of the vulnerability

The Microsoft Office Communications Server product implements SIP (Session Initiation Protocol) used for multimedia exchanges. This protocol defines following queries:
 - INVITE : the client requests a new session
 - ACK : the server acknowledges
 - BYE : ends a session
 - etc.

When MOCS receives a special SIP INVITE query, it does not free the associated memory.

An attacker can therefore send numerous queries in order to progressively deplete the memory.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft OCS: