Microsoft Lync Remote Code Execution Vulnerability (2908005) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS13-096.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the context of the currently logged-in user, which may lead to a complete compromise of an affected computer. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms13-096

Insight

The flaw is due to an error when handling TIFF files within the Microsoft Graphics Component (GDI+) and can be exploited to cause a memory corruption.

Affected

Microsoft Lync 2010 Microsoft Lync 2013

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://support.microsoft.com/kb/2850057
http://support.microsoft.com/kb/2899397
https://technet.microsoft.com/en-us/security/bulletin/ms13-096

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3906
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Buffer Overrun in Messenger Service (828035)
Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)

Take action and discover your vulnerabilities