Certificate Validation Weakness in Microsoft Lync for Mac 2011
CVE-2017-0129

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Lync For Mac
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0129?

Microsoft Lync for Mac 2011 features a flaw in its certificate validation process, which can be exploited by remote attackers. This vulnerability allows malicious actors to potentially intercept and alter communications between the server and client, posing significant risks to data integrity and confidentiality. Users of Microsoft Lync for Mac should take caution and ensure they are using the latest version to mitigate this risk.

Affected Version(s)

Lync for Mac Lync for Mac 2011

References

http://www.securitytracker.com/id/1038020
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96752
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.