Microsoft Lync Remote Code Execution Vulnerability (2834695) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-041.

Impact

Successful exploitation could allow an attacker could execute arbitrary code in the context of the current user by sharing specially crafted content, such as a file or a program, as a presentation in a Lync or Communicator session and then convince a user to view or share the specially crafted content. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-041

Insight

A use-after-free error within the Lync control can be exploited to dereference already freed memory.

Affected

Microsoft Lync 2010 Microsoft Communicator 2007 R2

References

http://secunia.com/advisories/53363/
http://support.microsoft.com/kb/2827750
http://support.microsoft.com/kb/2827753
https://technet.microsoft.com/en-us/security/bulletin/ms13-041

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1302

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
Buffer Overrun in Messenger Service (828035)
Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)

Take action and discover your vulnerabilities