CVE-2013-1302

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, y Lync Server 2013 no maneja correctamente ojbetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario mediante una invitación que genera el acceso a un objeto eliminado, también conocido como "Vulnerabilidad

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-01-12 CVE Reserved
2013-05-15 CVE Published
2024-06-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (3)

URL	Tag	Source
http://www.us-cert.gov/ncas/alerts/TA13-134A	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15952	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-041	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Lync Search vendor "Microsoft" for product "Lync"				2010 Search vendor "Microsoft" for product "Lync" and version "2010"		attendee		Affected
Microsoft Search vendor "Microsoft"		Lync Search vendor "Microsoft" for product "Lync"				2010 Search vendor "Microsoft" for product "Lync" and version "2010"		x64		Affected
Microsoft Search vendor "Microsoft"		Lync Search vendor "Microsoft" for product "Lync"				2010 Search vendor "Microsoft" for product "Lync" and version "2010"		x86		Affected
Microsoft Search vendor "Microsoft"		Lync Server Search vendor "Microsoft" for product "Lync Server"				2013 Search vendor "Microsoft" for product "Lync Server" and version "2013"		-		Affected
Microsoft Search vendor "Microsoft"		Office Communicator Search vendor "Microsoft" for product "Office Communicator"				2007 Search vendor "Microsoft" for product "Office Communicator" and version "2007"		r2		Affected