Main Vulnerability Database Vulnerabilities #VU36702

Input validation error in Lync for macOS - CVE-2018-8474

Published: September 13, 2018 / Updated: June 17, 2021

Vulnerability identifier: #VU36702

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2018-8474

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Microsoft

Affected software:
Lync for macOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

How to mitigate CVE-2018-8474

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/105268
http://www.securitytracker.com/id/1041633
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474
https://www.exploit-db.com/exploits/45936/

Input validation error in Lync for macOS - CVE-2018-8474

Detailed vulnerability description

How to mitigate CVE-2018-8474

Sources

Please verify you're human