Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-8550 — Cross-site Scripting in Corporation Skype FOR Business

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

11.1%

top 6.51%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Skype FOR Business Microsoft Office

Timeline

PublishedJun 15

Latest updateMay 14

Description

A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5microsoft_corporation/skype_for_businessMicrosoft Office 2016 Click-to-Run (C2R)

▶NVDmicrosoft/office2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5r97-fxfw-c4wj: A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Busin↗2022-05-14

▶

CVEList

CVE-2017-8550: A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Busin↗2017-06-15

▶

💥Exploits & PoCs

Exploit-DB

Skype for Business 2016 - Cross-Site Scripting↗2017-07-12

▶

📋Vendor Advisories

Microsoft

Skype for Business Remote Code Execution Vulnerability↗2017-06-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - June 2017↗2017-06-13

▶