CVE-2020-27515: Skype vulnerability

January 21, 2021 0

A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. How to mitigate CVE-2020-27515 Time needed: 5 minutes. Follow the instructions, Read more

CVE-2020-24003: Skype vulnerability

January 21, 2021 0

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user’s privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Read more

CVE-2020-1462: Skype vulnerability

August 21, 2020 0

An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka ‘Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability’. References portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1462 portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1462

CVE-2020-1432: Skype vulnerability

August 21, 2020 0

An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka ‘Skype for Business via Internet Explorer Information Disclosure Vulnerability’. References portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1432 portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1432

CVE-2020-1025: Skype vulnerability

August 21, 2020 0

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka ‘Microsoft Office Elevation of Privilege Vulnerability’. References portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025 portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

1 2