CVE-2024-11395: Chromium: CVE-2024-11395 Type Confusion in V8

CVE-2024-49054: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-49060: Azure Stack HCI Elevation of Privilege Vulnerability

CVE-2024-11117: Chromium: CVE-2024-11117 Inappropriate implementation in FileSystem

CVE-2024-11116: Chromium: CVE-2024-11116 Inappropriate implementation in Paint

**How could an attacker exploit this vulnerability?**

An attacker could exploit this path traversal vulnerability by leveraging the OcsPowershell endpoint within Skype for Business Server 2019 CU7 Hotfix 2 and Skype for Business Server 2015 CU13 Hotfix 1.

Exploitation of this vulnerability requires the authenticated remote user be granted either the CsVoiceAdministrator or CsServerAdministrator role in order to create arbitrary files on the server.

This exploit would allow the attacker to execute arbitrary code on the server.

Headline

CVE-2023-36786: Skype for Business Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News