Skype for Business Remote Code Execution Vulnerability - CVE-2017-8550ID: oval:org.secpod.oval:def:40985 | Date: (C)2017-06-15 (M)2023-07-13 |
Class: VULNERABILITY | Family: windows |
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync Servers fail to properly sanitize specially crafted content.An authenticated attacker who successfully exploited this vulnerability could execute HTML and JavaScript content in the Skype for Business or Lync context. An attacker could use this vulnerability to open a web page using the default browser, open another messaging session with someone else, or potentially trigger other URIs defined on the clients system for another application.To exploit this vulnerability an attacker could invite a user to an instant message session and then send a message that contains specially crafted JavaScript content. The update addresses the vulnerability by correcting how Skype for Business and Lync Servers sanitize content.
Platform: |
Microsoft Windows Server 2019 |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Vista |
Microsoft Windows 10 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows XP |
Product: |
Microsoft 365 Apps for Enterprise |