cvelistv5 - cve-2018-8311

CVE-2018-8311 (GCVE-0-2018-8311)

Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:54

Summary

A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/104624	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1041259	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1041260	vdb-entryx_refsource_SECTRACK
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Microsoft

Skype

Affected: Business 2016 (32-bit)
Affected: Business 2016 (64-bit)

Microsoft

Microsoft Lync

Affected: 2013 Service Pack 1 (32-bit)
Affected: 2013 Service Pack 1 (64-bit)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:35.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104624",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104624"
          },
          {
            "name": "1041259",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041259"
          },
          {
            "name": "1041260",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Business 2016 (32-bit)"
            },
            {
              "status": "affected",
              "version": "Business 2016 (64-bit)"
            }
          ]
        },
        {
          "product": "Microsoft Lync",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit)"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "104624",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104624"
        },
        {
          "name": "1041259",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041259"
        },
        {
          "name": "1041260",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8311",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Business 2016 (32-bit)"
                          },
                          {
                            "version_value": "Business 2016 (64-bit)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Lync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013 Service Pack 1 (32-bit)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104624",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104624"
            },
            {
              "name": "1041259",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041259"
            },
            {
              "name": "1041260",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041260"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8311",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:35.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:lync:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"605BEB18-4D7E-4D29-8FC0-DCE26AAE66B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:skype_for_business:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F70BCCBB-0EB1-4A70-B484-184BD572B0F3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \\\"Remote Code Execution Vulnerability in Skype For Business and Lync.\\\" This affects Skype, Microsoft Lync.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo cuando los clientes Skype for Business y Microsoft Lync no sanean correctamente el contenido especialmente manipulado. Esto tambi\\u00e9n se conoce como \\\"Remote Code Execution Vulnerability in Skype For Business and Lync\\\". Esto afecta a Skype y Microsoft Lync.\"}]",
      "id": "CVE-2018-8311",
      "lastModified": "2024-11-21T04:13:35.997",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-07-11T00:29:02.133",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104624\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041259\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041260\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104624\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041259\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041260\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8311\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-07-11T00:29:02.133\",\"lastModified\":\"2024-11-21T04:13:35.997\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \\\"Remote Code Execution Vulnerability in Skype For Business and Lync.\\\" This affects Skype, Microsoft Lync.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo cuando los clientes Skype for Business y Microsoft Lync no sanean correctamente el contenido especialmente manipulado. Esto tambi\u00e9n se conoce como \\\"Remote Code Execution Vulnerability in Skype For Business and Lync\\\". Esto afecta a Skype y Microsoft Lync.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:lync:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"605BEB18-4D7E-4D29-8FC0-DCE26AAE66B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:skype_for_business:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F70BCCBB-0EB1-4A70-B484-184BD572B0F3\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104624\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041259\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041260\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-V5V7-QP5P-HXJG

Vulnerability from github – Published: 2022-05-14 03:00 – Updated: 2022-05-14 03:00

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-11T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync.",
  "id": "GHSA-v5v7-qp5p-hxjg",
  "modified": "2022-05-14T03:00:08Z",
  "published": "2022-05-14T03:00:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8311"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104624"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041259"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041260"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-8311

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-8311

Aliases

CVE-2018-8311

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8311",
    "description": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync.",
    "id": "GSD-2018-8311"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8311"
      ],
      "details": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync.",
      "id": "GSD-2018-8311",
      "modified": "2023-12-13T01:22:34.808486Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8311",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Skype",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Business 2016 (32-bit)"
                        },
                        {
                          "version_value": "Business 2016 (64-bit)"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Lync",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2013 Service Pack 1 (32-bit)"
                        },
                        {
                          "version_value": "2013 Service Pack 1 (64-bit)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104624",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104624"
          },
          {
            "name": "1041259",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041259"
          },
          {
            "name": "1041260",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041260"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:skype_for_business:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:lync:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8311"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
            },
            {
              "name": "1041260",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041260"
            },
            {
              "name": "1041259",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041259"
            },
            {
              "name": "104624",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104624"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-09-10T19:36Z",
      "publishedDate": "2018-07-11T00:29Z"
    }
  }
}

CERTFR-2018-AVI-338

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (64 bits)
Microsoft	N/A	Skype pour Business 2016 (64 bits)
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.7.5
Microsoft	N/A	Microsoft Visual Studio 2010 Service Pack 1
Microsoft	N/A	Microsoft Access 2016 (édition 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.8 Preview
Microsoft	N/A	Microsoft Visual Studio 2013 Update 5
Microsoft	N/A	Microsoft Access 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Access 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Microsoft Wireless Display Adapter V2 Software Version 2.0.8350
Microsoft	N/A	Microsoft Access 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	PowerShell Extension pour Visual Studio Code
Microsoft	N/A	Skype pour Business 2016 (32 bits)
Microsoft	N/A	Microsoft Research JavaScript Cryptography Library
Microsoft	N/A	PowerShell Editor Services
Microsoft	N/A	Microsoft Visual Studio 2012 Update 5
Microsoft	N/A	Microsoft Wireless Display Adapter V2 Software Version 2.0.8372
Microsoft	N/A	Expression Blend 4 Service Pack 3
Microsoft	N/A	Microsoft Wireless Display Adapter V2 Software Version 2.0.8365
Microsoft	N/A	Web Customizations pour Active Directory Federation Services
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (32 bits)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 juillet 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 Version 15.7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2010 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 Version 15.8 Preview",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2013 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8350",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Extension pour Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Research JavaScript Cryptography Library",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Editor Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2012 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8372",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Expression Blend 4 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8365",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Web Customizations pour Active Directory Federation Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8283"
    },
    {
      "name": "CVE-2018-8276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8276"
    },
    {
      "name": "CVE-2018-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8291"
    },
    {
      "name": "CVE-2018-8306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8306"
    },
    {
      "name": "CVE-2018-8290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8290"
    },
    {
      "name": "CVE-2018-8238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8238"
    },
    {
      "name": "CVE-2018-8327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8327"
    },
    {
      "name": "CVE-2018-8172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8172"
    },
    {
      "name": "CVE-2018-8298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8298"
    },
    {
      "name": "CVE-2018-8326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8326"
    },
    {
      "name": "CVE-2018-8288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8288"
    },
    {
      "name": "CVE-2018-8312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8312"
    },
    {
      "name": "CVE-2018-8319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8319"
    },
    {
      "name": "CVE-2018-8311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8311"
    },
    {
      "name": "CVE-2018-8232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8232"
    },
    {
      "name": "CVE-2018-8294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8294"
    },
    {
      "name": "CVE-2018-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8286"
    },
    {
      "name": "CVE-2018-8279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8279"
    },
    {
      "name": "CVE-2018-8280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8280"
    },
    {
      "name": "CVE-2018-8287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8287"
    },
    {
      "name": "CVE-2018-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8275"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-338",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une usurpation\nd\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 juillet 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2018-AVI-338

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (64 bits)
Microsoft	N/A	Skype pour Business 2016 (64 bits)
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.7.5
Microsoft	N/A	Microsoft Visual Studio 2010 Service Pack 1
Microsoft	N/A	Microsoft Access 2016 (édition 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.8 Preview
Microsoft	N/A	Microsoft Visual Studio 2013 Update 5
Microsoft	N/A	Microsoft Access 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Access 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Microsoft Wireless Display Adapter V2 Software Version 2.0.8350
Microsoft	N/A	Microsoft Access 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	PowerShell Extension pour Visual Studio Code
Microsoft	N/A	Skype pour Business 2016 (32 bits)
Microsoft	N/A	Microsoft Research JavaScript Cryptography Library
Microsoft	N/A	PowerShell Editor Services
Microsoft	N/A	Microsoft Visual Studio 2012 Update 5
Microsoft	N/A	Microsoft Wireless Display Adapter V2 Software Version 2.0.8372
Microsoft	N/A	Expression Blend 4 Service Pack 3
Microsoft	N/A	Microsoft Wireless Display Adapter V2 Software Version 2.0.8365
Microsoft	N/A	Web Customizations pour Active Directory Federation Services
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (32 bits)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 juillet 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 Version 15.7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2010 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 Version 15.8 Preview",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2013 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8350",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Extension pour Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Research JavaScript Cryptography Library",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Editor Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2012 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8372",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Expression Blend 4 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8365",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Web Customizations pour Active Directory Federation Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8283"
    },
    {
      "name": "CVE-2018-8276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8276"
    },
    {
      "name": "CVE-2018-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8291"
    },
    {
      "name": "CVE-2018-8306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8306"
    },
    {
      "name": "CVE-2018-8290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8290"
    },
    {
      "name": "CVE-2018-8238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8238"
    },
    {
      "name": "CVE-2018-8327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8327"
    },
    {
      "name": "CVE-2018-8172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8172"
    },
    {
      "name": "CVE-2018-8298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8298"
    },
    {
      "name": "CVE-2018-8326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8326"
    },
    {
      "name": "CVE-2018-8288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8288"
    },
    {
      "name": "CVE-2018-8312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8312"
    },
    {
      "name": "CVE-2018-8319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8319"
    },
    {
      "name": "CVE-2018-8311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8311"
    },
    {
      "name": "CVE-2018-8232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8232"
    },
    {
      "name": "CVE-2018-8294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8294"
    },
    {
      "name": "CVE-2018-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8286"
    },
    {
      "name": "CVE-2018-8279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8279"
    },
    {
      "name": "CVE-2018-8280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8280"
    },
    {
      "name": "CVE-2018-8287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8287"
    },
    {
      "name": "CVE-2018-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8275"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-338",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une usurpation\nd\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 juillet 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

FKIE_CVE-2018-8311

Vulnerability from fkie_nvd - Published: 2018-07-11 00:29 - Updated: 2024-11-21 04:13

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/104624	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1041259	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1041260	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104624	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041259	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041260	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311	Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	lync	-
	microsoft	skype_for_business	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:lync:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "605BEB18-4D7E-4D29-8FC0-DCE26AAE66B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:skype_for_business:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F70BCCBB-0EB1-4A70-B484-184BD572B0F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo cuando los clientes Skype for Business y Microsoft Lync no sanean correctamente el contenido especialmente manipulado. Esto tambi\u00e9n se conoce como \"Remote Code Execution Vulnerability in Skype For Business and Lync\". Esto afecta a Skype y Microsoft Lync."
    }
  ],
  "id": "CVE-2018-8311",
  "lastModified": "2024-11-21T04:13:35.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-11T00:29:02.133",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104624"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041259"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041260"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-15859

Vulnerability from cnvd - Published: 2018-08-22

Title

Microsoft Lync和Skype for Business远程代码执行漏洞（CNVD-2018-15859）

Description

Microsoft Lync和Skype for Business都是美国微软（Microsoft）公司产品。Microsoft Lync（前称Microsoft Office Communicator）是发布的新一代企业整合沟通平台。Skype for Business是一套企业整合沟通平台。 Microsoft Lync 2013 SP1和Skype for Business 2016中存在远程代码执行漏洞，该漏洞源于程序未正确的过滤特制的内容。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码，破坏内存。

Severity

高

Patch Name

Microsoft Lync和Skype for Business远程代码执行漏洞（CNVD-2018-15859）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-8311

Impacted products

Name
['Microsoft Lync 2013 SP1', 'Microsoft Skype for Business 2016']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104624"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8311",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8311"
    }
  },
  "description": "Microsoft Lync\u548cSkype for Business\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u4ea7\u54c1\u3002Microsoft Lync\uff08\u524d\u79f0Microsoft Office Communicator\uff09\u662f\u53d1\u5e03\u7684\u65b0\u4e00\u4ee3\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002Skype for Business\u662f\u4e00\u5957\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\r\n\r\nMicrosoft Lync 2013 SP1\u548cSkype for Business 2016\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u6b63\u786e\u7684\u8fc7\u6ee4\u7279\u5236\u7684\u5185\u5bb9\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u7834\u574f\u5185\u5b58\u3002",
  "discovererName": "Ping Fan (Zetta) Ke of Valkyrie-X Security Research Group (VXRL)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-15859",
  "openTime": "2018-08-22",
  "patchDescription": "Microsoft Lync\u548cSkype for Business\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u4ea7\u54c1\u3002Microsoft Lync\uff08\u524d\u79f0Microsoft Office Communicator\uff09\u662f\u53d1\u5e03\u7684\u65b0\u4e00\u4ee3\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002Skype for Business\u662f\u4e00\u5957\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\r\n\r\nMicrosoft Lync 2013 SP1\u548cSkype for Business 2016\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u6b63\u786e\u7684\u8fc7\u6ee4\u7279\u5236\u7684\u5185\u5bb9\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u7834\u574f\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Lync\u548cSkype for Business\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-15859\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Lync 2013 SP1",
      "Microsoft Skype for Business 2016"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-8311",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-12",
  "title": "Microsoft Lync\u548cSkype for Business\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-15859\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8311 (GCVE-0-2018-8311)

GHSA-V5V7-QP5P-HXJG

GSD-2018-8311

CERTFR-2018-AVI-338

Solution

CERTFR-2018-AVI-338

Solution

FKIE_CVE-2018-8311

CNVD-2018-15859

Tags

Sightings

Nomenclature