Main Vulnerability Database Vulnerabilities #VU36702

#VU36702 Input validation error in Lync for macOS - CVE-2018-8474

Published: September 13, 2018 / Updated: June 17, 2021

Vulnerability identifier: #VU36702

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2018-8474

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Lync for macOS

Software vendor:
Microsoft

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/105268
http://www.securitytracker.com/id/1041633
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474
https://www.exploit-db.com/exploits/45936/

#VU36702 Input validation error in Lync for macOS - CVE-2018-8474

Description

Remediation

External links

Please verify you're human