Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Lync code execution
Published:27.05.2013
Source:
SecurityVulns ID:13084
Type:remote
Threat Level:
7/10
Description:Use-after-free vulnerability.
Affected:MICROSOFT : Lync 2010
 MICROSOFT : Microsoft Communicator 2007
 MICROSOFT : Lync Server 2013
CVE:CVE-2013-1336 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability.")
 CVE-2013-1302 (Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability.")
Files:Microsoft Security Bulletin MS13-041 - Important Vulnerability in Lync Could Allow Remote Code Execution (2834695)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod