Buffer overflow in Microsoft Lync

CVE-2013-1302

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted objec…

Vulnerability class: Buffer Overflow

EPSS: 0.444 (97.6th percentile) — read the EPSS interpretation.

Affected products

Microsoft Lync — versions 2010
Microsoft Lync_server — versions 2013
Microsoft Office_communicator — versions 2007
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

TA13-134A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
oval:org.mitre.oval:def:15952 (x_refsource_OVAL, signature, vdb-entry)
MS13-041 (x_refsource_MS, vendor-advisory)