CyberSec.Space Logo
返回 CVE 浏览器

CVE-2013-1302

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0450%
EPSS Percentile36.50th
Published2013年5月15日
Last Modified2026年4月29日

Vulnerability Description

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

Lync

= 2010
📦
Microsoft

Lync

= 2010
📦
Microsoft

Lync

= 2010
📦
Microsoft

Lync Server

= 2013
📦
Microsoft

Office Communicator

= 2007

References & Advisories

🔗 http://www.us-cert.gov/ncas/alerts/TA13-134A
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-041
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15952
🔗 http://www.us-cert.gov/ncas/alerts/TA13-134A
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-041
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15952

相关漏洞威胁

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2014-18189.3

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Window...

CVE-2012-18499.3

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privilege...

CVE-2014-18179.3

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...