Search

Find a vulnerability

Search criteria

    66 vulnerabilities found for skype_for_business by microsoft

    CVE-2024-20673 (GCVE-0-2024-20673)

    Vulnerability from nvd – Published: 2024-02-13 18:02 – Updated: 2025-05-09 18:19
    VLAI
    Title
    Microsoft Office Remote Code Execution Vulnerability
    Summary
    Microsoft Office Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5435.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint 2016 Affected: 16.0.0 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visio 2016 Affected: 16.0.1 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Publisher 2016 Affected: 16.0.0 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Skype for Business 2016 Affected: 0 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Date Public
    2024-02-13 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Office Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-16T19:36:28.789462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T18:19:21.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "32-bit Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft PowerPoint 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Visio 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Publisher 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Skype for Business 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5435.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:publisher:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:skype_for_business:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Office Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-03T01:37:00.336Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
            }
          ],
          "title": "Microsoft Office Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-20673",
        "datePublished": "2024-02-13T18:02:25.889Z",
        "dateReserved": "2023-11-28T22:58:12.117Z",
        "dateUpdated": "2025-05-09T18:19:21.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33633 (GCVE-0-2022-33633)

    Vulnerability from nvd – Published: 2022-07-12 22:37 – Updated: 2025-07-08 15:36
    VLAI
    Title
    Skype for Business and Lync Remote Code Execution Vulnerability
    Summary
    Skype for Business and Lync Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-33633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-03T14:09:23.169275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-03T14:09:39.044Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Skype for Business and Lync Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33633"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Lync Server 2013 CU10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8308.1198",
                  "status": "affected",
                  "version": "8308.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2015 CU12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9319.634",
                  "status": "affected",
                  "version": "9319.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2019 CU6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2046.404",
                  "status": "affected",
                  "version": "2046.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:lync_server:*:cumulative_update_10:*:*:*:*:*:*",
                      "versionEndExcluding": "8308.1198",
                      "versionStartIncluding": "8308.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:skype_for_business_server:*:cu12:*:*:*:*:*:*",
                      "versionEndExcluding": "9319.634",
                      "versionStartIncluding": "9319.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:skype_for_business_server:*:cu6:*:*:*:*:*:*",
                      "versionEndExcluding": "2046.404",
                      "versionStartIncluding": "2046.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Skype for Business and Lync Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T15:36:26.035Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Skype for Business and Lync Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33633"
            }
          ],
          "title": "Skype for Business and Lync Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2022-33633",
        "datePublished": "2022-07-12T22:37:56.000Z",
        "dateReserved": "2022-06-14T00:00:00.000Z",
        "dateUpdated": "2025-07-08T15:36:26.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1025 (GCVE-0-2020-1025)

    Vulnerability from nvd – Published: 2020-07-14 22:53 – Updated: 2024-08-04 06:24
    VLAI
    Title
    Microsoft Office Elevation of Privilege Vulnerability
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype for Business Server 2019 CU2 Affected: 7.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Skype for Business Server 2015 CU 8 Affected: 2015 CU 8 , < publication (custom)
        cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft Lync Server 2013 Affected: 0 , < publication (custom)
        cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Foundation 2013 Service Pack 1 Affected: 15.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2020-07-14 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:24:59.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2019  CU2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2015 CU 8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2015 CU 8",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Lync Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-14T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-28T20:54:51.253Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
            }
          ],
          "title": "Microsoft Office Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1025",
        "datePublished": "2020-07-14T22:53:56.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:24:59.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1490 (GCVE-0-2019-1490)

    Vulnerability from nvd – Published: 2019-12-10 21:41 – Updated: 2024-08-04 18:20
    VLAI
    Summary
    A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:20:28.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype for Business Server 2019  CU2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-10T21:41:08.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1490",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype for Business Server 2019  CU2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1490",
        "datePublished": "2019-12-10T21:41:08.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:20:28.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1084 (GCVE-0-2019-1084)

    Vulnerability from nvd – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Exchange Server Affected: 2010 Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft Outlook Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2016 for Mac
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Basic Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: unspecified
    Create a notification for this product.
    Microsoft Skype for Business Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Skype for Business Basic Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Office 365 ProPlus Affected: 32-bit Systems
    Affected: 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2016 Affected: Cumulative Update 12
    Affected: Cumulative Update 13
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2019 Affected: Cumulative Update 1
    Affected: Cumulative Update 2
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2013 Affected: Cumulative Update 23
    Create a notification for this product.
    Microsoft Mail and Calendar Affected: unspecified
    Create a notification for this product.
    Microsoft Outlook for iOS Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Outlook",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Skype for Business",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Skype for Business Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Office 365 ProPlus",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Mail and Calendar",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T18:56:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1084",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office 365 ProPlus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems"
                              },
                              {
                                "version_value": "64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              },
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Mail and Calendar",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Outlook for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1084",
        "datePublished": "2019-07-15T18:56:21.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0624 (GCVE-0-2019-0624)

    Vulnerability from nvd – Published: 2019-01-17 18:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business Server 2015 CU 8
    Create a notification for this product.
    Date Public
    2019-01-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.802Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
              },
              {
                "name": "106663",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106663"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business Server 2015 CU 8"
                }
              ]
            }
          ],
          "datePublic": "2019-01-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka \"Skype for Business 2015 Spoofing Vulnerability.\" This affects Skype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-22T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
            },
            {
              "name": "106663",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106663"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0624",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business Server 2015 CU 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka \"Skype for Business 2015 Spoofing Vulnerability.\" This affects Skype."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
                },
                {
                  "name": "106663",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106663"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0624",
        "datePublished": "2019-01-17T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:26.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8546 (GCVE-0-2018-8546)

    Vulnerability from nvd – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105802 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042125 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Affected: Business 2016 Basic (32-bit)
    Affected: Business 2016 Basic (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Affected: Basic 2013 Service Pack 1 (32-bit)
    Affected: Basic 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
              },
              {
                "name": "105802",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105802"
              },
              {
                "name": "1042125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 Basic (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 Basic (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                },
                {
                  "status": "affected",
                  "version": "Basic 2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Basic 2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
            },
            {
              "name": "105802",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105802"
            },
            {
              "name": "1042125",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042125"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              },
                              {
                                "version_value": "Business 2016 Basic (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 Basic (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              },
                              {
                                "version_value": "Basic 2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "Basic 2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
                },
                {
                  "name": "105802",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105802"
                },
                {
                  "name": "1042125",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042125"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8546",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8311 (GCVE-0-2018-8311)

    Vulnerability from nvd – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/104624 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041259 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1041260 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:35.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104624",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104624"
              },
              {
                "name": "1041259",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041259"
              },
              {
                "name": "1041260",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041260"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "104624",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104624"
            },
            {
              "name": "1041259",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041259"
            },
            {
              "name": "1041260",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041260"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104624",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104624"
                },
                {
                  "name": "1041259",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041259"
                },
                {
                  "name": "1041260",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041260"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8311",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:35.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8238 (GCVE-0-2018-8238)

    Vulnerability from nvd – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46
    VLAI
    Summary
    A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
    Severity
    No CVSS data available.
    CWE
    • Security Feature Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:46:13.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104619",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104619"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Feature Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "104619",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104619"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Feature Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104619",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104619"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8238",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:46:13.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11786 (GCVE-0-2017-11786)

    Vulnerability from nvd – Published: 2017-10-13 13:00 – Updated: 2024-09-16 18:03
    VLAI
    Summary
    Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101156 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039530 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Corporation Skype for Business Affected: Microsoft Lync 2013 SP1 and Skype for Business 2016
    Create a notification for this product.
    Date Public
    2017-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:19:38.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101156",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
              },
              {
                "name": "1039530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039530"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype for Business",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka \"Skype for Business Elevation of Privilege Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-14T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "101156",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
            },
            {
              "name": "1039530",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039530"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-10-10T00:00:00",
              "ID": "CVE-2017-11786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka \"Skype for Business Elevation of Privilege Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101156",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101156"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
                },
                {
                  "name": "1039530",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039530"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-11786",
        "datePublished": "2017-10-13T13:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:43.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8696 (GCVE-0-2017-8696)

    Vulnerability from nvd – Published: 2017-09-13 01:00 – Updated: 2024-08-05 16:41
    VLAI
    Summary
    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039344 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/100780 vdb-entryx_refsource_BID
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039344",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
              },
              {
                "name": "100780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100780"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1039344",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
            },
            {
              "name": "100780",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100780"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-8696",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039344",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039344"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
                },
                {
                  "name": "100780",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100780"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8696",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:41:24.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8695 (GCVE-0-2017-8695)

    Vulnerability from nvd – Published: 2017-09-13 01:00 – Updated: 2024-09-16 23:05
    VLAI
    Summary
    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100773 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039344 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Uniscribe Affected: Microsoft Windows Server 2008 SP2 and R2 SP1
    Affected: Windows 7 SP1
    Affected: Windows 8.1
    Affected: Windows Server 2012 Gold and R2
    Affected: Windows RT 8.1
    Affected: Windows 10 Gold, 1511, 1607, 1703, and Server 2016
    Affected: Office 2007 SP3
    Affected: Office 2010 SP2
    Affected: Word Viewer
    Affected: Office for Mac 2011 and 2016
    Affected: Skype for Business 2016
    Affected: Lync 2013 SP1
    Affected: Lync 2010
    Affected: Lync 2010 Attendee
    Affected: Live Meeting 2007 Add-in and Console
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100773",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100773"
              },
              {
                "name": "1039344",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Uniscribe",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 7 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows Server 2012 Gold and R2"
                },
                {
                  "status": "affected",
                  "version": "Windows RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Office 2007 SP3"
                },
                {
                  "status": "affected",
                  "version": "Office 2010 SP2"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                },
                {
                  "status": "affected",
                  "version": "Office for Mac 2011 and 2016"
                },
                {
                  "status": "affected",
                  "version": "Skype for Business 2016"
                },
                {
                  "status": "affected",
                  "version": "Lync 2013 SP1"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010 Attendee"
                },
                {
                  "status": "affected",
                  "version": "Live Meeting 2007 Add-in and Console"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user\u0027s system via a specially crafted document or an untrusted webpage, aka \"Graphics Component Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "100773",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100773"
            },
            {
              "name": "1039344",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-8695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Uniscribe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                              },
                              {
                                "version_value": "Windows 7 SP1"
                              },
                              {
                                "version_value": "Windows 8.1"
                              },
                              {
                                "version_value": "Windows Server 2012 Gold and R2"
                              },
                              {
                                "version_value": "Windows RT 8.1"
                              },
                              {
                                "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                              },
                              {
                                "version_value": "Office 2007 SP3"
                              },
                              {
                                "version_value": "Office 2010 SP2"
                              },
                              {
                                "version_value": "Word Viewer"
                              },
                              {
                                "version_value": "Office for Mac 2011 and 2016"
                              },
                              {
                                "version_value": "Skype for Business 2016"
                              },
                              {
                                "version_value": "Lync 2013 SP1"
                              },
                              {
                                "version_value": "Lync 2010"
                              },
                              {
                                "version_value": "Lync 2010 Attendee"
                              },
                              {
                                "version_value": "Live Meeting 2007 Add-in and Console"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user\u0027s system via a specially crafted document or an untrusted webpage, aka \"Graphics Component Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100773",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100773"
                },
                {
                  "name": "1039344",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039344"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8695",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:22.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8676 (GCVE-0-2017-8676)

    Vulnerability from nvd – Published: 2017-09-13 01:00 – Updated: 2024-09-17 04:25
    VLAI
    Summary
    The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100755 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039333 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Graphics Device Interface (GDI) Affected: Microsoft Windows Server 2008 SP2 and R2 SP1
    Affected: Windows 7 SP1
    Affected: Windows 8.1
    Affected: Windows Server 2012 Gold and R2
    Affected: Windows RT 8.1
    Affected: Windows 10 Gold, 1511, 1607, 1703, and Server 2016
    Affected: Office 2007 SP3
    Affected: Office 2010 SP2
    Affected: Word Viewer
    Affected: Office for Mac 2011 and 2016
    Affected: Skype for Business 2016
    Affected: Lync 2013 SP1
    Affected: Lync 2010
    Affected: Lync 2010 Attendee
    Affected: Live Meeting 2007 Add-in and Console
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.414Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100755",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100755"
              },
              {
                "name": "1039333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Graphics Device Interface (GDI)",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 7 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows Server 2012 Gold and R2"
                },
                {
                  "status": "affected",
                  "version": "Windows RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Office 2007 SP3"
                },
                {
                  "status": "affected",
                  "version": "Office 2010 SP2"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                },
                {
                  "status": "affected",
                  "version": "Office for Mac 2011 and 2016"
                },
                {
                  "status": "affected",
                  "version": "Skype for Business 2016"
                },
                {
                  "status": "affected",
                  "version": "Lync 2013 SP1"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010 Attendee"
                },
                {
                  "status": "affected",
                  "version": "Live Meeting 2007 Add-in and Console"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka \"Windows GDI+ Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "100755",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100755"
            },
            {
              "name": "1039333",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-8676",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Graphics Device Interface (GDI)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                              },
                              {
                                "version_value": "Windows 7 SP1"
                              },
                              {
                                "version_value": "Windows 8.1"
                              },
                              {
                                "version_value": "Windows Server 2012 Gold and R2"
                              },
                              {
                                "version_value": "Windows RT 8.1"
                              },
                              {
                                "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                              },
                              {
                                "version_value": "Office 2007 SP3"
                              },
                              {
                                "version_value": "Office 2010 SP2"
                              },
                              {
                                "version_value": "Word Viewer"
                              },
                              {
                                "version_value": "Office for Mac 2011 and 2016"
                              },
                              {
                                "version_value": "Skype for Business 2016"
                              },
                              {
                                "version_value": "Lync 2013 SP1"
                              },
                              {
                                "version_value": "Lync 2010"
                              },
                              {
                                "version_value": "Lync 2010 Attendee"
                              },
                              {
                                "version_value": "Live Meeting 2007 Add-in and Console"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka \"Windows GDI+ Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100755",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100755"
                },
                {
                  "name": "1039333",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039333"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8676",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:25:38.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8527 (GCVE-0-2017-8527)

    Vulnerability from nvd – Published: 2017-06-15 01:00 – Updated: 2024-08-05 16:41
    VLAI
    Summary
    Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038680 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/98933 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Graphics Affected: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
    Create a notification for this product.
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:22.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038680",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038680"
              },
              {
                "name": "98933",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98933"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Graphics",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1038680",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038680"
            },
            {
              "name": "98933",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98933"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-8527",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Graphics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038680",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038680"
                },
                {
                  "name": "98933",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98933"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8527",
        "datePublished": "2017-06-15T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:41:22.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0283 (GCVE-0-2017-0283)

    Vulnerability from nvd – Published: 2017-06-15 01:00 – Updated: 2024-08-05 13:03
    VLAI
    Summary
    Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Corporation Uniscribe Affected: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows.
    Create a notification for this product.
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:55.838Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42234",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42234/"
              },
              {
                "name": "1038675",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038675"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
              },
              {
                "name": "98920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98920"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Uniscribe",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T14:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "42234",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42234/"
            },
            {
              "name": "1038675",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038675"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
            },
            {
              "name": "98920",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98920"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Uniscribe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42234",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42234/"
                },
                {
                  "name": "1038675",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038675"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
                },
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
                },
                {
                  "name": "98920",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98920"
                },
                {
                  "name": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html",
                  "refsource": "MISC",
                  "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0283",
        "datePublished": "2017-06-15T01:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:03:55.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20673 (GCVE-0-2024-20673)

    Vulnerability from cvelistv5 – Published: 2024-02-13 18:02 – Updated: 2025-05-09 18:19
    VLAI
    Title
    Microsoft Office Remote Code Execution Vulnerability
    Summary
    Microsoft Office Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel 2016 Affected: 16.0.0.0 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Office 2016 Affected: 16.0.0 , < 16.0.5435.1001 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint 2016 Affected: 16.0.0 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visio 2016 Affected: 16.0.1 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word 2016 Affected: 16.0.1 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Microsoft Publisher 2016 Affected: 16.0.0 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Microsoft Skype for Business 2016 Affected: 0 , < 16.0.5435.1000 (custom)
    Create a notification for this product.
    Date Public
    2024-02-13 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Office Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-16T19:36:28.789462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T18:19:21.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "32-bit Systems"
              ],
              "product": "Microsoft Office LTSC 2021",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "https://aka.ms/OfficeSecurityReleases",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Excel 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Office 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1001",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft PowerPoint 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Visio 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Word 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft Publisher 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Skype for Business 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.5435.1000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5435.1001",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:publisher:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:skype_for_business:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.5435.1000",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Office Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-03T01:37:00.336Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Office Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
            }
          ],
          "title": "Microsoft Office Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-20673",
        "datePublished": "2024-02-13T18:02:25.889Z",
        "dateReserved": "2023-11-28T22:58:12.117Z",
        "dateUpdated": "2025-05-09T18:19:21.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33633 (GCVE-0-2022-33633)

    Vulnerability from cvelistv5 – Published: 2022-07-12 22:37 – Updated: 2025-07-08 15:36
    VLAI
    Title
    Skype for Business and Lync Remote Code Execution Vulnerability
    Summary
    Skype for Business and Lync Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-33633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-03T14:09:23.169275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-03T14:09:39.044Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Skype for Business and Lync Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33633"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Lync Server 2013 CU10",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8308.1198",
                  "status": "affected",
                  "version": "8308.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2015 CU12",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9319.634",
                  "status": "affected",
                  "version": "9319.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2019 CU6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2046.404",
                  "status": "affected",
                  "version": "2046.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:lync_server:*:cumulative_update_10:*:*:*:*:*:*",
                      "versionEndExcluding": "8308.1198",
                      "versionStartIncluding": "8308.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:skype_for_business_server:*:cu12:*:*:*:*:*:*",
                      "versionEndExcluding": "9319.634",
                      "versionStartIncluding": "9319.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:skype_for_business_server:*:cu6:*:*:*:*:*:*",
                      "versionEndExcluding": "2046.404",
                      "versionStartIncluding": "2046.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Skype for Business and Lync Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T15:36:26.035Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Skype for Business and Lync Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33633"
            }
          ],
          "title": "Skype for Business and Lync Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2022-33633",
        "datePublished": "2022-07-12T22:37:56.000Z",
        "dateReserved": "2022-06-14T00:00:00.000Z",
        "dateUpdated": "2025-07-08T15:36:26.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1025 (GCVE-0-2020-1025)

    Vulnerability from cvelistv5 – Published: 2020-07-14 22:53 – Updated: 2024-08-04 06:24
    VLAI
    Title
    Microsoft Office Elevation of Privilege Vulnerability
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype for Business Server 2019 CU2 Affected: 7.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Skype for Business Server 2015 CU 8 Affected: 2015 CU 8 , < publication (custom)
        cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft Lync Server 2013 Affected: 0 , < publication (custom)
        cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Foundation 2013 Service Pack 1 Affected: 15.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2020-07-14 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:24:59.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2019  CU2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2015 CU 8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2015 CU 8",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Lync Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-14T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-28T20:54:51.253Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
            }
          ],
          "title": "Microsoft Office Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1025",
        "datePublished": "2020-07-14T22:53:56.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:24:59.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1490 (GCVE-0-2019-1490)

    Vulnerability from cvelistv5 – Published: 2019-12-10 21:41 – Updated: 2024-08-04 18:20
    VLAI
    Summary
    A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:20:28.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype for Business Server 2019  CU2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-10T21:41:08.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1490",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype for Business Server 2019  CU2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1490",
        "datePublished": "2019-12-10T21:41:08.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:20:28.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1084 (GCVE-0-2019-1084)

    Vulnerability from cvelistv5 – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Exchange Server Affected: 2010 Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft Outlook Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2016 for Mac
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Basic Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: unspecified
    Create a notification for this product.
    Microsoft Skype for Business Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Skype for Business Basic Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Office 365 ProPlus Affected: 32-bit Systems
    Affected: 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2016 Affected: Cumulative Update 12
    Affected: Cumulative Update 13
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2019 Affected: Cumulative Update 1
    Affected: Cumulative Update 2
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2013 Affected: Cumulative Update 23
    Create a notification for this product.
    Microsoft Mail and Calendar Affected: unspecified
    Create a notification for this product.
    Microsoft Outlook for iOS Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Outlook",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Skype for Business",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Skype for Business Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Office 365 ProPlus",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Mail and Calendar",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T18:56:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1084",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office 365 ProPlus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems"
                              },
                              {
                                "version_value": "64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              },
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Mail and Calendar",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Outlook for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1084",
        "datePublished": "2019-07-15T18:56:21.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0624 (GCVE-0-2019-0624)

    Vulnerability from cvelistv5 – Published: 2019-01-17 18:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business Server 2015 CU 8
    Create a notification for this product.
    Date Public
    2019-01-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.802Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
              },
              {
                "name": "106663",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106663"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business Server 2015 CU 8"
                }
              ]
            }
          ],
          "datePublic": "2019-01-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka \"Skype for Business 2015 Spoofing Vulnerability.\" This affects Skype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-22T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
            },
            {
              "name": "106663",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106663"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0624",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business Server 2015 CU 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka \"Skype for Business 2015 Spoofing Vulnerability.\" This affects Skype."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
                },
                {
                  "name": "106663",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106663"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0624",
        "datePublished": "2019-01-17T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:26.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8546 (GCVE-0-2018-8546)

    Vulnerability from cvelistv5 – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105802 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042125 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Affected: Business 2016 Basic (32-bit)
    Affected: Business 2016 Basic (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Affected: Basic 2013 Service Pack 1 (32-bit)
    Affected: Basic 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
              },
              {
                "name": "105802",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105802"
              },
              {
                "name": "1042125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 Basic (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 Basic (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                },
                {
                  "status": "affected",
                  "version": "Basic 2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Basic 2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
            },
            {
              "name": "105802",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105802"
            },
            {
              "name": "1042125",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042125"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              },
                              {
                                "version_value": "Business 2016 Basic (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 Basic (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              },
                              {
                                "version_value": "Basic 2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "Basic 2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
                },
                {
                  "name": "105802",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105802"
                },
                {
                  "name": "1042125",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042125"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8546",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8238 (GCVE-0-2018-8238)

    Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46
    VLAI
    Summary
    A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
    Severity
    No CVSS data available.
    CWE
    • Security Feature Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:46:13.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104619",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104619"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Feature Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "104619",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104619"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Feature Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104619",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104619"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8238",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:46:13.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8311 (GCVE-0-2018-8311)

    Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/104624 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041259 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1041260 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:35.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104624",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104624"
              },
              {
                "name": "1041259",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041259"
              },
              {
                "name": "1041260",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041260"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "104624",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104624"
            },
            {
              "name": "1041259",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041259"
            },
            {
              "name": "1041260",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041260"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104624",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104624"
                },
                {
                  "name": "1041259",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041259"
                },
                {
                  "name": "1041260",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041260"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8311",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:35.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11786 (GCVE-0-2017-11786)

    Vulnerability from cvelistv5 – Published: 2017-10-13 13:00 – Updated: 2024-09-16 18:03
    VLAI
    Summary
    Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101156 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039530 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Corporation Skype for Business Affected: Microsoft Lync 2013 SP1 and Skype for Business 2016
    Create a notification for this product.
    Date Public
    2017-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:19:38.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101156",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
              },
              {
                "name": "1039530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039530"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype for Business",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka \"Skype for Business Elevation of Privilege Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-14T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "101156",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
            },
            {
              "name": "1039530",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039530"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-10-10T00:00:00",
              "ID": "CVE-2017-11786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka \"Skype for Business Elevation of Privilege Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101156",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101156"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
                },
                {
                  "name": "1039530",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039530"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-11786",
        "datePublished": "2017-10-13T13:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:43.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8676 (GCVE-0-2017-8676)

    Vulnerability from cvelistv5 – Published: 2017-09-13 01:00 – Updated: 2024-09-17 04:25
    VLAI
    Summary
    The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100755 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039333 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Graphics Device Interface (GDI) Affected: Microsoft Windows Server 2008 SP2 and R2 SP1
    Affected: Windows 7 SP1
    Affected: Windows 8.1
    Affected: Windows Server 2012 Gold and R2
    Affected: Windows RT 8.1
    Affected: Windows 10 Gold, 1511, 1607, 1703, and Server 2016
    Affected: Office 2007 SP3
    Affected: Office 2010 SP2
    Affected: Word Viewer
    Affected: Office for Mac 2011 and 2016
    Affected: Skype for Business 2016
    Affected: Lync 2013 SP1
    Affected: Lync 2010
    Affected: Lync 2010 Attendee
    Affected: Live Meeting 2007 Add-in and Console
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.414Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100755",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100755"
              },
              {
                "name": "1039333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Graphics Device Interface (GDI)",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 7 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows Server 2012 Gold and R2"
                },
                {
                  "status": "affected",
                  "version": "Windows RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Office 2007 SP3"
                },
                {
                  "status": "affected",
                  "version": "Office 2010 SP2"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                },
                {
                  "status": "affected",
                  "version": "Office for Mac 2011 and 2016"
                },
                {
                  "status": "affected",
                  "version": "Skype for Business 2016"
                },
                {
                  "status": "affected",
                  "version": "Lync 2013 SP1"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010 Attendee"
                },
                {
                  "status": "affected",
                  "version": "Live Meeting 2007 Add-in and Console"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka \"Windows GDI+ Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "100755",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100755"
            },
            {
              "name": "1039333",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-8676",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Graphics Device Interface (GDI)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                              },
                              {
                                "version_value": "Windows 7 SP1"
                              },
                              {
                                "version_value": "Windows 8.1"
                              },
                              {
                                "version_value": "Windows Server 2012 Gold and R2"
                              },
                              {
                                "version_value": "Windows RT 8.1"
                              },
                              {
                                "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                              },
                              {
                                "version_value": "Office 2007 SP3"
                              },
                              {
                                "version_value": "Office 2010 SP2"
                              },
                              {
                                "version_value": "Word Viewer"
                              },
                              {
                                "version_value": "Office for Mac 2011 and 2016"
                              },
                              {
                                "version_value": "Skype for Business 2016"
                              },
                              {
                                "version_value": "Lync 2013 SP1"
                              },
                              {
                                "version_value": "Lync 2010"
                              },
                              {
                                "version_value": "Lync 2010 Attendee"
                              },
                              {
                                "version_value": "Live Meeting 2007 Add-in and Console"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka \"Windows GDI+ Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100755",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100755"
                },
                {
                  "name": "1039333",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039333"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8676",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:25:38.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8695 (GCVE-0-2017-8695)

    Vulnerability from cvelistv5 – Published: 2017-09-13 01:00 – Updated: 2024-09-16 23:05
    VLAI
    Summary
    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100773 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039344 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Uniscribe Affected: Microsoft Windows Server 2008 SP2 and R2 SP1
    Affected: Windows 7 SP1
    Affected: Windows 8.1
    Affected: Windows Server 2012 Gold and R2
    Affected: Windows RT 8.1
    Affected: Windows 10 Gold, 1511, 1607, 1703, and Server 2016
    Affected: Office 2007 SP3
    Affected: Office 2010 SP2
    Affected: Word Viewer
    Affected: Office for Mac 2011 and 2016
    Affected: Skype for Business 2016
    Affected: Lync 2013 SP1
    Affected: Lync 2010
    Affected: Lync 2010 Attendee
    Affected: Live Meeting 2007 Add-in and Console
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100773",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100773"
              },
              {
                "name": "1039344",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Uniscribe",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 7 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows Server 2012 Gold and R2"
                },
                {
                  "status": "affected",
                  "version": "Windows RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Office 2007 SP3"
                },
                {
                  "status": "affected",
                  "version": "Office 2010 SP2"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                },
                {
                  "status": "affected",
                  "version": "Office for Mac 2011 and 2016"
                },
                {
                  "status": "affected",
                  "version": "Skype for Business 2016"
                },
                {
                  "status": "affected",
                  "version": "Lync 2013 SP1"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010 Attendee"
                },
                {
                  "status": "affected",
                  "version": "Live Meeting 2007 Add-in and Console"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user\u0027s system via a specially crafted document or an untrusted webpage, aka \"Graphics Component Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "100773",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100773"
            },
            {
              "name": "1039344",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-8695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Uniscribe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                              },
                              {
                                "version_value": "Windows 7 SP1"
                              },
                              {
                                "version_value": "Windows 8.1"
                              },
                              {
                                "version_value": "Windows Server 2012 Gold and R2"
                              },
                              {
                                "version_value": "Windows RT 8.1"
                              },
                              {
                                "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                              },
                              {
                                "version_value": "Office 2007 SP3"
                              },
                              {
                                "version_value": "Office 2010 SP2"
                              },
                              {
                                "version_value": "Word Viewer"
                              },
                              {
                                "version_value": "Office for Mac 2011 and 2016"
                              },
                              {
                                "version_value": "Skype for Business 2016"
                              },
                              {
                                "version_value": "Lync 2013 SP1"
                              },
                              {
                                "version_value": "Lync 2010"
                              },
                              {
                                "version_value": "Lync 2010 Attendee"
                              },
                              {
                                "version_value": "Live Meeting 2007 Add-in and Console"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user\u0027s system via a specially crafted document or an untrusted webpage, aka \"Graphics Component Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100773",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100773"
                },
                {
                  "name": "1039344",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039344"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8695",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:22.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8696 (GCVE-0-2017-8696)

    Vulnerability from cvelistv5 – Published: 2017-09-13 01:00 – Updated: 2024-08-05 16:41
    VLAI
    Summary
    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039344 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/100780 vdb-entryx_refsource_BID
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039344",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
              },
              {
                "name": "100780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100780"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1039344",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
            },
            {
              "name": "100780",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100780"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-8696",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039344",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039344"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
                },
                {
                  "name": "100780",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100780"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8696",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:41:24.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0283 (GCVE-0-2017-0283)

    Vulnerability from cvelistv5 – Published: 2017-06-15 01:00 – Updated: 2024-08-05 13:03
    VLAI
    Summary
    Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Corporation Uniscribe Affected: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows.
    Create a notification for this product.
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:55.838Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42234",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42234/"
              },
              {
                "name": "1038675",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038675"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
              },
              {
                "name": "98920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98920"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Uniscribe",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T14:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "42234",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42234/"
            },
            {
              "name": "1038675",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038675"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
            },
            {
              "name": "98920",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98920"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Uniscribe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42234",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42234/"
                },
                {
                  "name": "1038675",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038675"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
                },
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
                },
                {
                  "name": "98920",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98920"
                },
                {
                  "name": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html",
                  "refsource": "MISC",
                  "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0283",
        "datePublished": "2017-06-15T01:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:03:55.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8527 (GCVE-0-2017-8527)

    Vulnerability from cvelistv5 – Published: 2017-06-15 01:00 – Updated: 2024-08-05 16:41
    VLAI
    Summary
    Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038680 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/98933 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Graphics Affected: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
    Create a notification for this product.
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:22.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038680",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038680"
              },
              {
                "name": "98933",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98933"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Graphics",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1038680",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038680"
            },
            {
              "name": "98933",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98933"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-8527",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Graphics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038680",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038680"
                },
                {
                  "name": "98933",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98933"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8527",
        "datePublished": "2017-06-15T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:41:22.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }