CVE-2017-8550
Published 2017-06-15
Priority P352 · medium · CVSS 3.0: 5.4
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 22.43% (97.4th percentile)
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft_corporation | skype_for_business | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
CVSS provenance
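| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_msrc | | 5.4 | HIGH | |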
GHSA
GHSA-5r97-fxfw-c4wj
ghsa_unreviewed · 2022-05-14
CVE-2017-8550 [MEDIUM] CWE-79
Microsoft
Skype for Business Remote Code Execution Vulnerability
vendor_msrc·2017-06-13·CVSS 5.4
CVE-2017-8550 [MEDIUM] Skype for Business Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Skype for Business and Microsoft Lync Servers fail to properly sanitize specially crafted content.
An authenticated attacker who successfully exploited this vulnerability could execute HTML and JavaScript content in the Skype for Business or Lync context. An attacker could use this vulnerability to open a web page using the default browser, open another messaging session with someone else, or potentially trigger other URIs defined on the client’s system for another application.
To exploit this vulnerability an attacker could invite a user to an instant message session and then send a message that contains specially crafted JavaScript content.
The update addresses the vulne
No detection rules found.
http://www.securityfocus.com/bid/98916
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550
https://www.exploit-db.com/exploits/42316/