Microsoft Skype for Business and Lync CVE-2018-8311 Remote Code Execution Vulnerability

Bugtraq ID:	104624
Class:	Input Validation Error
CVE:	CVE-2018-8311
Remote:	Yes
Local:	No
Published:	Jul 10 2018 12:00AM
Updated:	Jul 10 2018 12:00AM
Credit:	Ping Fan (Zetta) Ke of Valkyrie-X Security Research Group (VXRL)
Vulnerable:	Microsoft Skype for Business 2016 (64-bit) 0 Microsoft Skype for Business 2016 (32-bit) 0 Microsoft Lync 2013 (64-bit) SP1 Microsoft Lync 2013 (32-bit) SP1
Not Vulnerable:

Microsoft Skype for Business and Lync CVE-2018-8311 Remote Code Execution Vulnerability

Microsoft Skype for Business and Lync are prone to a remote code-execution vulnerability.

Successfully exploiting this issue may result in the execution of arbitrary code in the context of the current user. Failed exploit attempts will likely result in denial-of-service conditions.

Microsoft Skype for Business and Lync CVE-2018-8311 Remote Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft Skype for Business and Lync CVE-2018-8311 Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Microsoft Skype for Business and Lync CVE-2018-8311 Remote Code Execution Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• Skype Homepage (Skype Technologies)
  
• CVE-2018-8311 | Remote Code Execution Vulnerability in Skype For Business and Ly (Microsoft)