CVE-2014-4070
Published 2014-09-10
Priority: P4 · 25 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 10.92% (95.3th percentile)
Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | lync_server | — | — |
CVSS provenance
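| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 5.5 | MEDIUM | |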
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
blogs_talos·2014-09-09·CVSS 6.5
[MEDIUM] Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there’s only a total of 4 bulletins, they cover a total of 42 CVEs. The IE bulletin, as is usual, has the most updates for bugs and is rated critical. It covers a total of 37 CVEs. The other three bulletins are rated as important and provide updates for the remaining five vulnerabilities.
MS14-052 is the IE bulletin and is rated critical. It covers a total of 37 CVEs. Of these 37 CVEs, 36 are remote code execution vulnerabilities, the other one is an information disclosure vulnerability (CVE-2013-7331). This last vulnerability is publicly known and under active exploitation. This vulnerability allows attackers to use Microsoft’s XMLDOM ActiveX object to gain information on local drive and
http://www.securityfocus.com/bid/69579
http://www.securitytracker.com/id/1030821
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055
https://exchange.xforce.ibmcloud.com/vulnerabilities/95546