cnvd - cnvd-2018-24939

cnvd-2018-24939

Vulnerability from cnvd

Title: Microsoft Lync for Mac安全绕过漏洞

Description:

Microsoft Lync（前称Microsoft Office Communicator）for Mac是美国微软（Microsoft）公司发布的用于Mac系统的新一代企业整合沟通平台。该平台能够跨越PC、Web、手机等其他移动设备，将不同的沟通方式集成到一个平台中。

Microsoft Lync for Mac 2011存在安全功能绕过漏洞，该漏洞源于程序未能正确地过滤特制的消息。攻击者可通过发送特制的消息利用该漏洞造成用户系统浏览至攻击者指定的网站或操作系统安全文件类型列表中的文件类型。

Severity: 中

Patch Name: Microsoft Lync for Mac安全绕过漏洞的补丁

Patch Description:

Microsoft Lync for Mac 2011存在安全功能绕过漏洞，该漏洞源于程序未能正确地过滤特制的消息。攻击者可通过发送特制的消息利用该漏洞造成用户系统浏览至攻击者指定的网站或操作系统安全文件类型列表中的文件类型。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474

Reference: https://www.securityfocus.com/bid/105268 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8474

Impacted products

Name
Microsoft Lync for Mac 2011

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105268"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8474"
    }
  },
  "description": "Microsoft Lync\uff08\u524d\u79f0Microsoft Office Communicator\uff09for Mac\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u7528\u4e8eMac\u7cfb\u7edf\u7684\u65b0\u4e00\u4ee3\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u80fd\u591f\u8de8\u8d8aPC\u3001Web\u3001\u624b\u673a\u7b49\u5176\u4ed6\u79fb\u52a8\u8bbe\u5907\uff0c\u5c06\u4e0d\u540c\u7684\u6c9f\u901a\u65b9\u5f0f\u96c6\u6210\u5230\u4e00\u4e2a\u5e73\u53f0\u4e2d\u3002\n\nMicrosoft Lync for Mac 2011\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u7279\u5236\u7684\u6d88\u606f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7528\u6237\u7cfb\u7edf\u6d4f\u89c8\u81f3\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7f51\u7ad9\u6216\u64cd\u4f5c\u7cfb\u7edf\u5b89\u5168\u6587\u4ef6\u7c7b\u578b\u5217\u8868\u4e2d\u7684\u6587\u4ef6\u7c7b\u578b\u3002",
  "discovererName": "Paul Burkeland of TrustedSec",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-24939",
  "openTime": "2018-12-10",
  "patchDescription": "Microsoft Lync\uff08\u524d\u79f0Microsoft Office Communicator\uff09for Mac\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u7528\u4e8eMac\u7cfb\u7edf\u7684\u65b0\u4e00\u4ee3\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u80fd\u591f\u8de8\u8d8aPC\u3001Web\u3001\u624b\u673a\u7b49\u5176\u4ed6\u79fb\u52a8\u8bbe\u5907\uff0c\u5c06\u4e0d\u540c\u7684\u6c9f\u901a\u65b9\u5f0f\u96c6\u6210\u5230\u4e00\u4e2a\u5e73\u53f0\u4e2d\u3002\r\n\r\nMicrosoft Lync for Mac 2011\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u7279\u5236\u7684\u6d88\u606f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7528\u6237\u7cfb\u7edf\u6d4f\u89c8\u81f3\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7f51\u7ad9\u6216\u64cd\u4f5c\u7cfb\u7edf\u5b89\u5168\u6587\u4ef6\u7c7b\u578b\u5217\u8868\u4e2d\u7684\u6587\u4ef6\u7c7b\u578b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Lync for Mac\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Lync for Mac 2011"
  },
  "referenceLink": "https://www.securityfocus.com/bid/105268\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8474",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-12",
  "title": "Microsoft Lync for Mac\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-8474 (GCVE-0-2018-8474)

Vulnerability from cvelistv5

Published

2018-09-13 00:00

Modified

2024-08-05 06:54

Severity ?

CWE

Security Feature Bypass

Summary

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1041633	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/105268	vdb-entry, x_refsource_BID
	https://www.exploit-db.com/exploits/45936/	exploit, x_refsource_EXPLOIT-DB
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft	Microsoft Lync	Version: Mac 2011

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041633",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041633"
          },
          {
            "name": "105268",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105268"
          },
          {
            "name": "45936",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45936/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Lync",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Mac 2011"
            }
          ]
        }
      ],
      "datePublic": "2018-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-05T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041633",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041633"
        },
        {
          "name": "105268",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105268"
        },
        {
          "name": "45936",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45936/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Lync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Mac 2011"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041633",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041633"
            },
            {
              "name": "105268",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105268"
            },
            {
              "name": "45936",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45936/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8474",
    "datePublished": "2018-09-13T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted