Vulnerability Description
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
CVSS Score
5.4
MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2016 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98916Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550PatchVendor Advisory
- https://www.exploit-db.com/exploits/42316/ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/98916Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550PatchVendor Advisory
- https://www.exploit-db.com/exploits/42316/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-8550?
CVE-2017-8550 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
How severe is CVE-2017-8550?
CVE-2017-8550 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8550?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office.