Remote Code Execution Vulnerability in Microsoft Lync Products
CVE-2013-1302

Currently unrated

Key Information:

Vendor: Microsoft
Status: Lync; Lync Server; Office Communicator
Vendor: CVE Published:; 15 May 2013

Summary

Certain versions of Microsoft’s Lync products, including Lync 2010 and Lync Server 2013, are vulnerable due to improper handling of memory objects. This flaw can be exploited by attackers to execute arbitrary code through specially crafted invitations, potentially leading to unauthorized access and system manipulation. Organizations using affected versions should take precautionary measures to mitigate risks associated with this vulnerability.

References

http://www.us-cert.gov/ncas/alerts/TA13-134A

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

56% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 15, 2013
Vulnerability Reserved
Jan 12, 2013