CVE-2013-1302

Published: May 15, 2013Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

Affected (5)

Products: Microsoft: Lync, Lync Server, Office Communicator

3 products

Office Communicator

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Lync	Version 2010
Microsoft Lync	Version 2010
Microsoft Lync	Version 2010
Microsoft Lync Server	Version 2013
Microsoft Office Communicator	Version 2007 r2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://www.us-cert.gov/ncas/alerts/TA13-134A

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-041

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15952

Source: secure@microsoft.com

http://www.us-cert.gov/ncas/alerts/TA13-134A

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-041

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15952

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.