Check Point Advisories

Preemptive Protection against Microsoft Lync Remote Code Execution (MS13-035; CVE-2013-1302)

Check Point Reference: CPAI-2013-1823
Date Published: 14 May 2013
Severity: Critical
Last Updated: Tuesday 01 January, 2013
Source: CVE-2013-1302
Protection Provided by:
Who is Vulnerable? Microsoft Communicator 2007 R2

Microsoft Lync 2010 (32-bit)

Microsoft Lync 2010 (64-bit)

Microsoft Lync 2010 Attendee (admin level install)

Microsoft Lync 2010 Attendee (user level install)

Microsoft Lync Web Access 2013
Vulnerability Description A remote code execution vulnerability has been reported in Microsoft Lync. The vulnerability is due the way Lync control attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to accept an invitation to launch specially crafted content within a Lync or Communicator session. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Update/Patch AvaliableApply patches from: MS13-035

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK