CVE-2014-4071 - The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL

CVE-2014-4071

Summary

The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability." <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>

References

Vulnerable Configurations

cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 12-10-2018 - 22:06)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

msbulletin via4

bulletin_id	MS14-055
bulletin_url
date	2014-09-09T00:00:00
impact	Denial of Service
knowledgebase_id	2990928
knowledgebase_url
severity	Important
title	Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service

refmap via4

bid	69592
confirm	http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx
sectrack	1030821
xf	ms-lync-cve20144071-dos(95547)

Last major update

12-10-2018 - 22:06

Published

10-09-2014 - 01:55

Last modified

12-10-2018 - 22:06