CVE-2014-4068

Published: Sep 10, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."

Affected (2)

Products: Microsoft: Lync Server

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Lync Server	Version 2010
Microsoft Lync Server	Version 2013

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx

Source: secure@microsoft.com

http://www.securityfocus.com/bid/69586

Source: secure@microsoft.com

http://www.securitytracker.com/id/1030821

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/95544

Source: secure@microsoft.com

http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69586

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030821

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/95544

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.