CVE-2017-0129

CWE-295 — Improper Certificate Validation CWE-416 — Use After Free6 documents6 sources

Severity

7.5HIGH

EPSS

1.7%

top 17.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Lync FOR MAC Microsoft Lync FOR MAC

Timeline

PublishedMar 17

Latest updateMay 17

Description

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/lync2011

▶CVEListV5microsoft_corporation/lync_for_macLync for Mac 2011

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-p3wq-v5cw-mp2f: Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft L↗2022-05-17

▶

CVEList

CVE-2017-0129: Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft L↗2017-03-17

▶

📋Vendor Advisories

Red Hat

perl-XML-LibXML: Use-after-free by controlling the arguments to a replaceChild call↗2017-06-27

▶

Microsoft

Microsoft Lync for Mac Certificate Validation Vulnerability↗2017-03-14

▶

💬Community

Bugzilla

CVE-2017-10672 perl-XML-LibXML: Use-after-free by controlling the arguments to a replaceChild call↗2017-07-12

▶