The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Skype for Business

vulnerability CVE-2019-0798

Skype for Business Server 2015: information disclosure via Spoofing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Spoofing of Skype for Business Server 2015, in order to obtain sensitive information.
Impacted products: Skype for Business.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 13/03/2019.
Identifiers: CERTFR-2019-AVI-106, CVE-2019-0798, VIGILANCE-VUL-28730.

Description of the vulnerability

An attacker can bypass access restrictions to data via Spoofing of Skype for Business Server 2015, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2019-0624

Microsoft Skype for Business Server: information disclosure via Spoofing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Spoofing of Microsoft Skype for Business Server, in order to obtain sensitive information.
Impacted products: Skype for Business.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-064, CVE-2019-0624, VIGILANCE-VUL-28488.

Description of the vulnerability

An attacker can bypass access restrictions to data via Spoofing of Microsoft Skype for Business Server, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2019-0624

Microsoft Skype for Business: Cross Site Scripting via Authenticated Spoofing

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Authenticated Spoofing of Microsoft Skype for Business, in order to run JavaScript code in the context of the web site.
Impacted products: Skype for Business.
Severity: 2/4.
Consequences: client access/rights.
Provenance: user account.
Creation date: 16/01/2019.
Identifiers: CVE-2019-0624, VIGILANCE-VUL-28285.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Authenticated Spoofing of Microsoft Skype for Business, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-8546

Microsoft Skype for Business: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Microsoft Skype for Business, in order to trigger a denial of service.
Impacted products: Skype for Business.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 14/11/2018.
Identifiers: CERTFR-2018-AVI-554, CVE-2018-8546, SEC Consult SA-20181114-0, VIGILANCE-VUL-27774.

Description of the vulnerability

An attacker can generate a fatal error of Microsoft Skype for Business, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-8238 CVE-2018-8311

Microsoft Lync/Skype: vulnerabilities of July 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Lync, Skype for Business.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/07/2018.
Identifiers: CERTFR-2018-AVI-338, CVE-2018-8238, CVE-2018-8311, VIGILANCE-VUL-26680.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 25281

Microsoft Skype: executing DLL code via Updater.exe

Synthesis of the vulnerability

An attacker can create a malicious Updater.exe DLL, and then put it in the current directory of Microsoft Skype, in order to execute code.
Impacted products: Skype for Business.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/02/2018.
Identifiers: VIGILANCE-VUL-25281.

Description of the vulnerability

An attacker can create a malicious Updater.exe DLL, and then put it in the current directory of Microsoft Skype, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-11786

Microsoft Lync 2013, Skype: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Microsoft Lync 2013 or Skype, in order to escalate his privileges.
Impacted products: Lync, Skype for Business.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 11/10/2017.
Identifiers: CERTFR-2017-AVI-346, CVE-2017-11786, VIGILANCE-VUL-24090.

Description of the vulnerability

An attacker can bypass restrictions of Microsoft Lync 2013 or Skype, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-8676 CVE-2017-8695 CVE-2017-8696

Microsoft Lync/Skype: vulnerabilities of September 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Lync, Skype for Business.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 13/09/2017.
Identifiers: CERTFR-2017-AVI-297, CVE-2017-8676, CVE-2017-8695, CVE-2017-8696, VIGILANCE-VUL-23825.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-9948

Microsoft Skype Client: buffer overflow via Clipboard Format

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Clipboard Format of Microsoft Skype, in order to trigger a denial of service, and possibly to run code.
Impacted products: Skype for Business.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 26/06/2017.
Identifiers: CVE-2017-9948, VIGILANCE-VUL-23084.

Description of the vulnerability

An attacker can generate a buffer overflow via Clipboard Format of Microsoft Skype, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-0283 CVE-2017-8527 CVE-2017-8550

Microsoft Skype for Business: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Skype for Business.
Impacted products: Skype for Business.
Severity: 4/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 14/06/2017.
Identifiers: CERTFR-2017-AVI-176, CVE-2017-0283, CVE-2017-8527, CVE-2017-8550, VIGILANCE-VUL-22968.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft Skype for Business.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft Skype for Business: