CVE-2013-1302

Currently unrated

Key Information:

Vendor: Microsoft
Status: Lync; Lync Server; Office Communicator
Vendor: CVE Published:; 15 May 2013

Summary

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

References

http://www.us-cert.gov/ncas/alerts/TA13-134A

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

85% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 15, 2013
Vulnerability Reserved
Jan 12, 2013

Collectors

NVD DatabaseMitre Database