CVE-2013-1302 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Lync

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

44.4%

top 2.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Lync Microsoft Lync Server Microsoft Office Communicator

Timeline

PublishedMay 15

Latest updateMay 14

Description

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/lync_server2013

▶NVDmicrosoft/lync2010

▶NVDmicrosoft/office_communicator2007

🔴Vulnerability Details

GHSA

GHSA-q433-fx96-3j76: Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote atta↗2022-05-14

▶

CVEList

CVE-2013-1302: Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote atta↗2013-05-15

▶