CVE-2018-8474

HIGH

Lync for Mac 2011 - Security Feature Bypass via Crafted Message

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8474. PoCs published by nyxgeek.

AI-analyzed exploit summary: This PowerShell script exploits CVE-2018-8474 by sending a malicious iframe via Microsoft Lync for Mac 2011 chat, forcing the target to browse or download content without interaction. It leverages the Lync 2013 SDK to automate message delivery.

Description

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by nyxgeek · powershell · dos · windows
https://www.exploit-db.com/exploits/45936

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Lync for Mac 2011 14.4.3 (and likely earlier versions)
Auth required
Prerequisites: Lync 2013 SDK installed · Skype/Lync client running and signed in · Target user's URI
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041633
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105268
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45936/

Scores

CVSS v3: 7.5
EPSS: 0.3818
EPSS Percentile: 98.4%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE: CWE-20
Status: published
Products (1): microsoft/lync_for_mac 2011
Published: Sep 13, 2018
Tracked Since: Feb 18, 2026