Back to CVE Browser

CVE-2013-1302

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0450%

EPSS Percentile36.50th

PublishedMay 15, 2013

Last ModifiedApr 29, 2026

Vulnerability Description

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync Server

= 2013

📦

Microsoft

Office Communicator

= 2007

References & Advisories

🔗 http://www.us-cert.gov/ncas/alerts/TA13-134A

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-041

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15952

🔗 http://www.us-cert.gov/ncas/alerts/TA13-134A

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-041

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15952

Related Vulnerabilities

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2014-18189.3

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Window...

CVE-2012-18499.3

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privilege...

CVE-2014-18179.3

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...