cbcvebase.
CVE-2017-8550
published 2017-06-15

CVE-2017-8550: A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business…

PriorityP352medium5.4CVSS 3.0
AVNACHPRNUINSCCLILAN
EXPLOIT
EPSS
22.43%
97.4th percentile
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".

Affected

4 ranges
VendorProductVersion rangeFixed in
microsoftoffice
microsoft_corporationskype_for_business
msrcmicrosoft_office_2016_click-to-run_for_32-bit_editions
msrcmicrosoft_office_2016_click-to-run_for_64-bit_editions

CVSS provenance

nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc5.4HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.