cbcvebase.
CVE-2018-8474
published 2018-09-13

CVE-2018-8474: A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security…

PriorityP264high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EXPLOIT
EPSS
38.18%
98.4th percentile
A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftlync_for_mac
microsoftmicrosoft_lync
msrcmicrosoft_lync_for_mac_2011

Detection & IOCsextracted from sources · hover to see the quote

pathC:\Program Files\Microsoft Office\Office15\LyncSDK\Assemblies\Desktop\Microsoft.Lync.Model.dll
  • Monitor for use of the Lync 2013 SDK DLL (Microsoft.Lync.Model.dll) being loaded by unexpected or non-standard processes, as the exploit requires it on the originating machine.
  • Monitor for PowerShell scripts invoking Microsoft.Lync.Model namespace methods (LyncClient::GetClient, ConversationManager.AddConversation, BeginSendMessage) as indicators of programmatic IM injection.
  • ·Microsoft has confirmed no patch will be issued for this vulnerability in Lync for Mac 2011. The only remediation is migration to a newer client.
  • ·The targeted victim requires no interaction after receiving the malicious message, making endpoint-side behavioral detection (unexpected browser launch or file download from Lync process) the primary detection surface.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_msrc7.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.