
Microsoft Lync 4.0.7577.0 Javascript Injection

Posted Jun 13, 2011
Authored by Mark Lachniet | Site foofus.net

Microsoft Lync version 4.0.7577.0 suffers from a JavaScript insertion vulnerability.

tags | exploit, javascript
SHA-256 | 9acd1aca4807a7c979ac9855bff7008e1cc076bfe2053fcb09c6116d049ef43d

============================================================================
Foofus.net Security Advisory: foofus-20110610
============================================================================
Title: Javascript Injection in Microsoft Lync
Version: 4.0.7577.0
Vendor: Microsoft
Release Date: 2010-06-10
Issue Status: Fix available
============================================================================

1. Summary

Microsoft Lync version 4.0.7577.0 is vulnerable to JavaScript injection.


2. Description

JavaScript commands can be stacked within the URL in the "reachLocale"
variable in ReachJoin.aspx. Arbitrary JavaScript can be inserted, with
some restrictions (notably that characters such as ">" will invoke .NET
security protections and cause the page to fail to display).


3. Proof of Concept

The following URL will load an image in a new window or tab, as well as
display an alert with arbitrary content:

https://[target]/Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us%22;var%20xxx=%22http://www.foofus.net/~bede/foofuslogo.jpg%22;open%28xxx%29;alert%28%22error,%20please%20enable%20popups%20from%20this%20server%20and%20reload%20from%20the%20link%20you%20were%20given%22%29//

Pop-ups will need to be enabled in order to load a new tab, but this can be
circumvented by social engineering (i.e. a dialog box) or possibly by
more clever javascript insertion.
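
Added example (not part of the original advisory, and not Foofus or
Microsoft code): a Python check for reviewing web server logs for requests
to ReachJoin.aspx whose "reachLocale" value is not a plain locale tag. The
locale pattern, the host name and the sample URLs are assumptions
constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: a legitimate reachLocale is a plain language tag such as "en-us".
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:-[A-Za-z0-9]{2,8}){0,2}")
PAGE = "/reach/client/webpages/reachjoin.aspx"

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, bounded so decoding always terminates."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reach_locale(url):
    """Return decoded reachLocale values in `url` that are not locale tags."""
    parts = urlsplit(url)
    if parts.path.lower() != PAGE:  # IIS treats paths case-insensitively
        return []
    hits = []
    # Split on "&" only; empty segments ("&&") and "xml=" simply fall through.
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if unquote(key).lower() != "reachlocale":  # keys are case-insensitive
            continue
        value = fully_decode(value)
        if value and not LOCALE_RE.fullmatch(value):
            hits.append(value)
    return hits

# Constructed sample requests (host and values are made up for this example).
SAMPLES = [
    "https://lync.example.test/Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us",
    "https://lync.example.test/Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us%22;alert%281%29//",
    "https://lync.example.test/reach/client/webpages/reachjoin.aspx?ReachLocale=fr-fr%22%3Bx%3D1%2F%2F",
    "https://lync.example.test/Other.aspx?reachLocale=%22;x//",
]

def scan(urls):
    """Map each flagged URL to the offending decoded values."""
    return {u: hits for u in urls if (hits := suspicious_reach_locale(u))}

if __name__ == "__main__":
    for url, hits in scan(SAMPLES).items():
        print("SUSPICIOUS", hits, url)
```

The same allow-list pattern can be applied at a reverse proxy or WAF in
front of servers that have not yet received the update named in section 6.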


4. Impact

Exploiting this vulnerability allows an adversary to inject most types of
JavaScript into the page in order to execute client-side attacks or
perform social engineering attacks. These attacks can easily be manipulated
to compromise a target workstation.


5. Affected Products

Only version 4.0.7577.0 has been tested. This vulnerability may exist in
other versions.


6. Solution

According to Microsoft, the vulnerability can be resolved by updating with
the "update package for Lync Server 2010, Web Components Server: April 2011"
at http://support.microsoft.com/kb/2500441

7. Timetable

2011-05-31 Advisory written and submitted to Microsoft
2011-05-31 Vendor confirms receipt of advisory
2011-06-10 Vendor confirms vulnerability, advises availability of patch
2011-06-10 Disclosure


8. Reference

http://www.foofus.net/?p=363

9. Credits

bede@foofus.net (Mark Lachniet)


