What is CVE-2018-8474?

CVE-2018-8474 is a vulnerability in Microsoft Lync. Published 2018-09-13.

Is CVE-2018-8474 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Lync

CVE-2018-8474

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

EPSS: 0.244 (96.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Lync — versions Mac 2011

Public proof-of-concept exploits

ARPSyndicate/cvemon
nyxgeek/exploits

References

1041633 (vdb-entry, x_refsource_SECTRACK)
105268 (vdb-entry, x_refsource_BID)
45936 (exploit, x_refsource_EXPLOIT-DB)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8474 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-8474?: CVE-2018-8474 is a vulnerability in Microsoft Lync. Published 2018-09-13.
Is CVE-2018-8474 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.