Skype for Business and Microsoft Lync
CVE-2018-8546 — Microsoft Skype for Business Denial of Service Vulnerability
Low
2018-11 archive
Executive Summary
A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. For an attack to be successful, this vulnerability requires that a user sends a number of emojis in the affected version of Skype for Business. The security update addresses the vulnerability by correcting how Skype for Business handles emojis.
Overview
Low
MS Severity
Not Exploited
MS Exploit Status
Exploitation Unlikely
MS Exploit Likelihood
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
12 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft Lync 2013 Service Pack 1 (32-bit) | 4461487 (Security Update) |
Low | Denial of Service | Maybe |
| Microsoft Lync 2013 Service Pack 1 (64-bit) | 4461487 (Security Update) |
Low | Denial of Service | Maybe |
| Microsoft Lync Basic 2013 Service Pack 1 (32-bit) | 4461487 (Security Update) |
Low | Denial of Service | Maybe |
| Microsoft Lync Basic 2013 Service Pack 1 (64-bit) | 4461487 (Security Update) |
Low | Denial of Service | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) |
Low | Denial of Service | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) |
Low | Denial of Service | No |
| Office 365 ProPlus for 32-bit Systems | Click to Run (Security Update) |
Low | Denial of Service | No |
| Office 365 ProPlus for 64-bit Systems | Click to Run (Security Update) |
Low | Denial of Service | No |
| Skype for Business 2016 (32-bit) | 4461473 (Security Update) |
Low | Denial of Service | Maybe |
| Skype for Business 2016 (64-bit) | 4461473 (Security Update) |
Low | Denial of Service | Maybe |
| Skype for Business 2016 Basic (32-bit) | 4461473 (Security Update) |
Low | Denial of Service | Maybe |
| Skype for Business 2016 Basic (64-bit) | 4461473 (Security Update) |
Low | Denial of Service | Maybe |
Patches
3 patches
| Article | Type | Restart |
|---|---|---|
4461487 |
Security Update | Maybe |
Click to Run |
Security Update | No |
4461473 |
Security Update | Maybe |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
Sabine Degen of SEC Consult Vulnerability Lab
References
On This Page