CVE-2024-10488: Chromium: CVE-2024-10488 Use after free in WebRTC

CVE-2024-10487: Chromium: CVE-2024-10487: Out of bounds write in Dawn

CVE-2024-10231: Chromium: CVE -2024-10231 Type Confusion in V8

CVE-2024-10230: Chromium: CVE -2024-10230 Type Confusion in V8

CVE-2024-10229: Chromium: CVE -2024-10229 Inappropriate implementation in Extensions

**How could an attacker exploit this vulnerability?**

An attacker could exploit this path traversal vulnerability by leveraging the OcsPowershell endpoint within Skype for Business Server 2019 CU7 Hotfix 2 and Skype for Business Server 2015 CU13 Hotfix 1.

Exploitation of this vulnerability requires the authenticated remote user be granted either the CsVoiceAdministrator or CsServerAdministrator role in order to create arbitrary files on the server.

This exploit would allow the attacker to execute arbitrary code on the server.

Headline

CVE-2023-36786: Skype for Business Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News