cvelistv5 - cve-2018-8474

CVE-2018-8474 (GCVE-0-2018-8474)

Vulnerability from cvelistv5 – Published: 2018-09-13 00:00 – Updated: 2024-08-05 06:54

Summary

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

Severity ?

No CVSS data available.

CWE

Security Feature Bypass

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1041633	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/105268	vdb-entryx_refsource_BID
	https://www.exploit-db.com/exploits/45936/	exploitx_refsource_EXPLOIT-DB
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft	Microsoft Lync	Affected: Mac 2011

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041633",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041633"
          },
          {
            "name": "105268",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105268"
          },
          {
            "name": "45936",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45936/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Lync",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Mac 2011"
            }
          ]
        }
      ],
      "datePublic": "2018-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-05T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041633",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041633"
        },
        {
          "name": "105268",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105268"
        },
        {
          "name": "45936",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45936/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Lync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Mac 2011"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041633",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041633"
            },
            {
              "name": "105268",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105268"
            },
            {
              "name": "45936",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45936/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8474",
    "datePublished": "2018-09-13T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:lync_for_mac:2011:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"424E8382-690C-466E-9B4E-6BF3077E32E1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \\\"Lync for Mac 2011 Security Feature Bypass Vulnerability.\\\" This affects Microsoft Lync.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de omisi\\u00f3n de la caracter\\u00edstica de seguridad cuando Lync for Mac 2011 no sanea correctamente mensajes especialmente manipulados. Esto tambi\\u00e9n se conoce como \\\"Lync for Mac 2011 Security Feature Bypass Vulnerability\\\". Esto afecta a Microsoft Lync.\"}]",
      "id": "CVE-2018-8474",
      "lastModified": "2024-11-21T04:13:54.060",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-09-13T00:29:07.083",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105268\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041633\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/45936/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/105268\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041633\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/45936/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8474\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-09-13T00:29:07.083\",\"lastModified\":\"2024-11-21T04:13:54.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \\\"Lync for Mac 2011 Security Feature Bypass Vulnerability.\\\" This affects Microsoft Lync.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad cuando Lync for Mac 2011 no sanea correctamente mensajes especialmente manipulados. Esto tambi\u00e9n se conoce como \\\"Lync for Mac 2011 Security Feature Bypass Vulnerability\\\". Esto afecta a Microsoft Lync.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:lync_for_mac:2011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"424E8382-690C-466E-9B4E-6BF3077E32E1\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105268\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041633\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45936/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45936/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2018-8474

Vulnerability from fkie_nvd - Published: 2018-09-13 00:29 - Updated: 2024-11-21 04:13

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/105268	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1041633	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474	Vendor Advisory
secure@microsoft.com	https://www.exploit-db.com/exploits/45936/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105268	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041633	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45936/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	microsoft	lync_for_mac	2011

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:lync_for_mac:2011:*:*:*:*:*:*:*",
              "matchCriteriaId": "424E8382-690C-466E-9B4E-6BF3077E32E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad cuando Lync for Mac 2011 no sanea correctamente mensajes especialmente manipulados. Esto tambi\u00e9n se conoce como \"Lync for Mac 2011 Security Feature Bypass Vulnerability\". Esto afecta a Microsoft Lync."
    }
  ],
  "id": "CVE-2018-8474",
  "lastModified": "2024-11-21T04:13:54.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-13T00:29:07.083",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105268"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041633"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45936/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45936/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F9XX-WCF7-JWV3

Vulnerability from github – Published: 2022-05-14 01:30 – Updated: 2022-05-14 01:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-13T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync.",
  "id": "GHSA-f9xx-wcf7-jwv3",
  "modified": "2022-05-14T01:30:15Z",
  "published": "2022-05-14T01:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8474"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45936"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105268"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041633"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2018-AVI-438

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données, une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft.Data.OData
Microsoft	N/A	System.IO.Pipelines
Microsoft	Azure	C SDK pour Azure IoT
Microsoft	N/A	Microsoft Lync pour Mac 2011

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 11 septembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft.Data.OData",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "System.IO.Pipelines",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync pour Mac 2011",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8391"
    },
    {
      "name": "CVE-2018-8409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8409"
    },
    {
      "name": "CVE-2018-8479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8479"
    },
    {
      "name": "CVE-2018-8315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8315"
    },
    {
      "name": "CVE-2018-8269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8269"
    },
    {
      "name": "CVE-2018-8456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8456"
    },
    {
      "name": "CVE-2018-8466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8466"
    },
    {
      "name": "CVE-2018-8467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8467"
    },
    {
      "name": "CVE-2018-8459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8459"
    },
    {
      "name": "CVE-2018-8452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8452"
    },
    {
      "name": "CVE-2018-8367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8367"
    },
    {
      "name": "CVE-2018-8465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8465"
    },
    {
      "name": "CVE-2018-8354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8354"
    },
    {
      "name": "CVE-2018-8474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8474"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-438",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 septembre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2018-AVI-438

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft.Data.OData
Microsoft	N/A	System.IO.Pipelines
Microsoft	Azure	C SDK pour Azure IoT
Microsoft	N/A	Microsoft Lync pour Mac 2011

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 11 septembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft.Data.OData",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "System.IO.Pipelines",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync pour Mac 2011",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8391"
    },
    {
      "name": "CVE-2018-8409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8409"
    },
    {
      "name": "CVE-2018-8479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8479"
    },
    {
      "name": "CVE-2018-8315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8315"
    },
    {
      "name": "CVE-2018-8269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8269"
    },
    {
      "name": "CVE-2018-8456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8456"
    },
    {
      "name": "CVE-2018-8466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8466"
    },
    {
      "name": "CVE-2018-8467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8467"
    },
    {
      "name": "CVE-2018-8459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8459"
    },
    {
      "name": "CVE-2018-8452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8452"
    },
    {
      "name": "CVE-2018-8367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8367"
    },
    {
      "name": "CVE-2018-8465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8465"
    },
    {
      "name": "CVE-2018-8354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8354"
    },
    {
      "name": "CVE-2018-8474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8474"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-438",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 septembre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GSD-2018-8474

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-8474

Aliases

CVE-2018-8474

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8474",
    "description": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync.",
    "id": "GSD-2018-8474",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-8474"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8474"
      ],
      "details": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync.",
      "id": "GSD-2018-8474",
      "modified": "2023-12-13T01:22:34.991655Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8474",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Lync",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Mac 2011"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Security Feature Bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1041633",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041633"
          },
          {
            "name": "105268",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105268"
          },
          {
            "name": "45936",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45936/"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:lync_for_mac:2011:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8474"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka \"Lync for Mac 2011 Security Feature Bypass Vulnerability.\" This affects Microsoft Lync."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474"
            },
            {
              "name": "1041633",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041633"
            },
            {
              "name": "105268",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105268"
            },
            {
              "name": "45936",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45936/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-02-28T16:28Z",
      "publishedDate": "2018-09-13T00:29Z"
    }
  }
}

CNVD-2018-24939

Vulnerability from cnvd - Published: 2018-12-10

Title

Microsoft Lync for Mac安全绕过漏洞

Description

Microsoft Lync（前称Microsoft Office Communicator）for Mac是美国微软（Microsoft）公司发布的用于Mac系统的新一代企业整合沟通平台。该平台能够跨越PC、Web、手机等其他移动设备，将不同的沟通方式集成到一个平台中。 Microsoft Lync for Mac 2011存在安全功能绕过漏洞，该漏洞源于程序未能正确地过滤特制的消息。攻击者可通过发送特制的消息利用该漏洞造成用户系统浏览至攻击者指定的网站或操作系统安全文件类型列表中的文件类型。

Severity

中

Patch Name

Microsoft Lync for Mac安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474

Reference

https://www.securityfocus.com/bid/105268 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8474

Impacted products

Name
Microsoft Lync for Mac 2011

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105268"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8474"
    }
  },
  "description": "Microsoft Lync\uff08\u524d\u79f0Microsoft Office Communicator\uff09for Mac\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u7528\u4e8eMac\u7cfb\u7edf\u7684\u65b0\u4e00\u4ee3\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u80fd\u591f\u8de8\u8d8aPC\u3001Web\u3001\u624b\u673a\u7b49\u5176\u4ed6\u79fb\u52a8\u8bbe\u5907\uff0c\u5c06\u4e0d\u540c\u7684\u6c9f\u901a\u65b9\u5f0f\u96c6\u6210\u5230\u4e00\u4e2a\u5e73\u53f0\u4e2d\u3002\n\nMicrosoft Lync for Mac 2011\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u7279\u5236\u7684\u6d88\u606f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7528\u6237\u7cfb\u7edf\u6d4f\u89c8\u81f3\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7f51\u7ad9\u6216\u64cd\u4f5c\u7cfb\u7edf\u5b89\u5168\u6587\u4ef6\u7c7b\u578b\u5217\u8868\u4e2d\u7684\u6587\u4ef6\u7c7b\u578b\u3002",
  "discovererName": "Paul Burkeland of TrustedSec",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-24939",
  "openTime": "2018-12-10",
  "patchDescription": "Microsoft Lync\uff08\u524d\u79f0Microsoft Office Communicator\uff09for Mac\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u7528\u4e8eMac\u7cfb\u7edf\u7684\u65b0\u4e00\u4ee3\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u80fd\u591f\u8de8\u8d8aPC\u3001Web\u3001\u624b\u673a\u7b49\u5176\u4ed6\u79fb\u52a8\u8bbe\u5907\uff0c\u5c06\u4e0d\u540c\u7684\u6c9f\u901a\u65b9\u5f0f\u96c6\u6210\u5230\u4e00\u4e2a\u5e73\u53f0\u4e2d\u3002\r\n\r\nMicrosoft Lync for Mac 2011\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u7279\u5236\u7684\u6d88\u606f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7528\u6237\u7cfb\u7edf\u6d4f\u89c8\u81f3\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7f51\u7ad9\u6216\u64cd\u4f5c\u7cfb\u7edf\u5b89\u5168\u6587\u4ef6\u7c7b\u578b\u5217\u8868\u4e2d\u7684\u6587\u4ef6\u7c7b\u578b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Lync for Mac\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Lync for Mac 2011"
  },
  "referenceLink": "https://www.securityfocus.com/bid/105268\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8474",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-12",
  "title": "Microsoft Lync for Mac\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8474 (GCVE-0-2018-8474)

FKIE_CVE-2018-8474

GHSA-F9XX-WCF7-JWV3

CERTFR-2018-AVI-438

Solution

CERTFR-2018-AVI-438

Solution

GSD-2018-8474

CNVD-2018-24939

Tags

Sightings

Nomenclature