Unrated severityNVD Advisory· Published May 15, 2013· Updated Apr 29, 2026

CVE-2013-1302

Description

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

Affected products

Microsoft/Lync3 versions
cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*
- cpe:2.3:a:microsoft:lync:2010:*:x64:*:*:*:*:*
- cpe:2.3:a:microsoft:lync:2010:*:x86:*:*:*:*:*
Microsoft/Lync Server
cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*
Microsoft/Office Communicator
cpe:2.3:a:microsoft:office_communicator:2007:r2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/ncas/alerts/TA13-134AnvdThird Party AdvisoryUS Government Resource
docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-041nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15952nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.036
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000