Microsoft Lync Remote Code Execution Vulnerability (2908005) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS13-096.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the context of the currently logged-in user, which may lead to a complete compromise of an affected computer. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms13-096

Insight

The flaw is due to an error when handling TIFF files within the Microsoft Graphics Component (GDI+) and can be exploited to cause a memory corruption.

Affected

Microsoft Lync 2010 Microsoft Lync 2013

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://support.microsoft.com/kb/2850057
http://support.microsoft.com/kb/2899397
https://technet.microsoft.com/en-us/security/bulletin/ms13-096

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3906

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
Microsoft Groove Remote Code Execution Vulnerability (2494047)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

Take action and discover your vulnerabilities