CVE-2018-8238 - A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse

CVE-2018-8238

Summary

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.

References

http://www.securityfocus.com/bid/104619
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238

Vulnerable Configurations

cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	104619
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238

Last major update

03-10-2019 - 00:03

Published

11-07-2018 - 00:29

Last modified

03-10-2019 - 00:03