CVE-2018-8311
Description
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka Remote Code Execution Vulnerability in Skype For Business and Lync. This affects Skype, Microsoft Lync.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
34.04
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Skype for Business and Lync Security Feature Bypass Vulnerability for Skype for Business 2016 (KB4022221) 64-Bit Edition | Windows |
| Skype for Business and Lync Security Feature Bypass Vulnerability for Skype for Business 2016 (KB4022221) 32-Bit Edition | Windows |
| Skype for Business and Lync Security Feature Bypass Vulnerability for Skype for Business 2015 (KB4022225) 64-Bit Edition | Windows |
| Skype for Business and Lync Security Feature Bypass Vulnerability for Skype for Business 2015 (KB4022225) 32-Bit Edition | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-24877 | Security Update for Skype for Business 2016 (KB4022221) 64-Bit Edition |
| PATCH-24876 | Security Update for Skype for Business 2016 (KB4022221) 32-Bit Edition |
| PATCH-24869 | Security Update for Skype for Business 2015 (KB4022225) 64-Bit Edition |
| PATCH-24868 | Security Update for Skype for Business 2015 (KB4022225) 32-Bit Edition |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234