CVE-2017-8550

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Skype For Business
Vendor: CVE Published:; 15 June 2017

Summary

A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".

Affected Version(s)

Skype for Business Microsoft Office 2016 Click-to-Run (C2R)

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/42316/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/98916

vdb-entryx_refsource_BID

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 15, 2017
Vulnerability Reserved
May 3, 2017

Collectors

NVD DatabaseMitre Database