CVE-2017-8550

MEDIUM

Microsoft Office - XSS

Title source: rule

Description

A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".

Exploits (1)

exploitdb WORKING POC

by nyxgeek · powershellremotewindows

https://www.exploit-db.com/exploits/42316

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98916

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42316/

Scores

CVSS v3 5.4

EPSS 0.1238

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

microsoft/office

Microsoft Corporation/Skype for Business < Microsoft Office 2016 Click-to-Run (C2R)

Published Jun 15, 2017

Tracked Since Feb 18, 2026