Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8474

CWE-20Improper Input Validation5 documents5 sources
Severity
7.5HIGH
EPSS
24.4%
top 3.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Microsoft LyncMicrosoft Lync FOR MAC
Timeline
PublishedSep 13
Latest updateMay 14

Description

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/lync2011
CVEListV5microsoft/microsoft_lyncMac 2011

🔴Vulnerability Details

2
GHSA
GHSA-f9xx-wcf7-jwv3: A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Se2022-05-14
CVEList
CVE-2018-8474: A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Se2018-09-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download2018-12-04

📋Vendor Advisories

1
Microsoft
Lync for Mac 2011 Security Feature Bypass Vulnerability2018-09-11
CVE-2018-8474 (HIGH CVSS 7.5) | A security feature bypass vulnerabi | cvebase.io