FortiClient VulnerabilityMicrosoft Skype For Business and Lync CVE-2018-8311 Remote Code Execution Vulnerability
Description
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Applications
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
CVE References
CVE-2018-8311Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8311| ID | 50188 |
| Created | Jul 11, 2018 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Microsoft Lync 2013 Service Pack 1 (32-bit) , Microsoft Lync 2013 Service Pack 1 (64-bit) , Skype for Business 2016 (32-bit) , Skype for Business 2016 (64-bit) |