CVE-2018-8238
Summary
| CVE | CVE-2018-8238 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-11 00:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Lync | 2013 | sp1 | All | All |
| Application | Microsoft | Lync | 2013 | sp1 | All | All |
| Application | Microsoft | Skype For Business | 2016 | All | All | All |
| Application | Microsoft | Skype For Business | 2016 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238 | CONFIRM | portal.msrc.microsoft.com | Patch, Vendor Advisory |
| Microsoft Skype for Business and Lync CVE-2018-8238 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.