PT-2014-1675 · Microsoft · Lync Server
Peter Schraffl · Published 2014-09-09 · Updated 2018-10-12 · CVE-2014-4068
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Microsoft Lync Server versions 2010 through 2013
Description
The issue allows an attacker to cause a denial of service, resulting in a system hang, by sending a crafted call. This is due to improper exception handling in the Response Group Service in Microsoft Lync Server 2010 and 2013, and the Core Components in Lync Server 2013.
Recommendations
For Microsoft Lync Server 2010, update to a version that properly handles exceptions to prevent the denial of service.
For Microsoft Lync Server 2013, update the Core Components to a version that correctly handles exceptions, preventing the system hang.
As a temporary workaround, consider restricting access to the Response Group Service to minimize the risk of exploitation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Lync Server