Skype for Business Elevation of Privilege Vulnerability - CVE-2017-11786ID: oval:org.secpod.oval:def:42374 | Date: (C)2017-10-12 (M)2024-04-15 |
Class: VULNERABILITY | Family: windows |
An elevation of privilege vulnerability exists when Skype for Business fails to properly handle specific authentication requests. An authenticated attacker who successfully exploited this vulnerability could steal an authentication hash that can be reused elsewhere. The attacker could then take any action that the user had permissions for, causing possible outcomes that could vary between users. To exploit the vulnerability, an attacker could invite a user to an instant message session while using a malicious profile image. The security update addresses the vulnerability by correcting how Skype for Business handles authentication requests.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Vista |
Microsoft Windows 10 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows XP |
Product: |
Skype for Business 2016 |