EIP-2026-118853
PRE-CVEMicrosoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-118853. PoCs published by Christopher Emerson.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Microsoft Lync by injecting malicious JavaScript into the User-Agent header. The script executes an ActiveX object to launch Notepad, showcasing arbitrary command execution in the context of the victim's browser.
Description
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Microsoft Lync by injecting malicious JavaScript into the User-Agent header. The script executes an ActiveX object to launch Notepad, showcasing arbitrary command execution in the context of the victim's browser.