What is CVE-2013-3129?

CVE-2013-3129 is a high-severity vulnerability in Microsoft Lync, classified under Code Injection. CVSS score: 7.8/10. Published 2013-07-10.

How severe is CVE-2013-3129?

High severity. CVSS v3 base score is 7.8 out of 10.

RCE in Microsoft Lync

CVE-2013-3129

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, W…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.517 (98.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Microsoft Lync — versions 2010, 2013
Microsoft Lync_basic — versions 2013
Microsoft .Net_framework — versions 3.0, 3.5, 3.5.1
Microsoft Office — versions 2003, 2007, 2010
Microsoft Silverlight — versions 5.0.60401.0, 5.0.60818.0, 5.0.61118.0
Microsoft Visual_studio_.net — versions 2003
Microsoft Windows_7
Microsoft Windows_8
Microsoft Windows_rt
Microsoft Windows_server_2003

Weakness classification (CWE)

CWE-94 — Code Injection

References

MS13-052 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:17341 (x_refsource_OVAL, signature, vdb-entry)
MS13-054 (x_refsource_MS, vendor-advisory)
TA13-190A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
MS13-053 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:17323 (x_refsource_OVAL, signature, vdb-entry)

Frequently asked questions

What is CVE-2013-3129?: CVE-2013-3129 is a high-severity vulnerability in Microsoft Lync, classified under Code Injection. CVSS score: 7.8/10. Published 2013-07-10.
How severe is CVE-2013-3129?: High severity. CVSS v3 base score is 7.8 out of 10.