The security update addresses the vulnerability by modifying the way that the Lync and Communicator clients handle objects in memory.
For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update is rated Important for supported editions of Microsoft Communicator 2007 R2, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, and Microsoft Lync Server 2013. Instead, an attacker would have to convince users to take action, typically by getting them to accept an invitation in Lync or Communicator to view or share the presentable content. In all cases, an attacker would have no way to force users to view or share the attacker-controlled file or program. The vulnerability could allow remote code execution if an attacker shares specially crafted content, such as a file or program, as a presentation in Lync or Communicator and then convinces a user to accept an invitation to view or share the presentable content. This security update resolves a privately reported vulnerability in Microsoft Lync.
Version: 1.0 General Information Executive Summary Security Bulletin Microsoft Security Bulletin MS13-041 - Important Vulnerability in Lync Could Allow Remote Code Execution (2834695)
0 kommentar(er)
