CVE-2013-1302: Buffer Overflow
First published: Wed May 15 2013(Updated: )
Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Lync Server | =2010 | |
| Microsoft Lync Server | =2010 | |
| Microsoft Lync Server | =2010 | |
| Microsoft Lync | =2013 | |
| Microsoft Office Communicator | =2007-r2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1302?
CVE-2013-1302 has a critical severity rating as it allows remote code execution if exploited.
How do I fix CVE-2013-1302?
To fix CVE-2013-1302, update to the latest version of Microsoft Lync or apply the relevant security patches provided by Microsoft.
Which products are affected by CVE-2013-1302?
CVE-2013-1302 affects Microsoft Communicator 2007 R2, Lync 2010, and Lync Server 2013.
Can CVE-2013-1302 be exploited remotely?
Yes, CVE-2013-1302 can be exploited remotely through specially crafted invitations.
What kind of attacks can CVE-2013-1302 enable?
CVE-2013-1302 can enable attackers to execute arbitrary code on affected systems.
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft lync
- version/microsoft lync/2010
- canonical/microsoft lync server
- version/microsoft lync server/2013
- canonical/microsoft office communicator
- version/microsoft office communicator/2007-r2