Check Point Advisories

Preemptive Protection against Microsoft Lync Remote Code Execution (MS13-035; CVE-2013-1302)

Vulnerability
Protection

Check Point Reference:	CPAI-2013-1823
Date Published:	14 May 2013
Severity:	Critical
Last Updated:	Thursday 18 April, 2024
Source:	CVE-2013-1302
Protection Provided by:	Security Gateway R75 R71 R70
Who is Vulnerable?	Microsoft Communicator 2007 R2 Microsoft Lync 2010 (32-bit) Microsoft Lync 2010 (64-bit) Microsoft Lync 2010 Attendee (admin level install) Microsoft Lync 2010 Attendee (user level install) Microsoft Lync Web Access 2013
Vulnerability Description	A remote code execution vulnerability has been reported in Microsoft Lync. The vulnerability is due the way Lync control attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to accept an invitation to launch specially crafted content within a Lync or Communicator session. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Update/Patch Avaliable	Apply patches from: MS13-035

Protection Overview

This protection will detect and block attempts to exploit these vulnerabilities.No update is required to address this vulnerabilityUsers are protected against this vulnerability if the Microsoft Windows RDP ActiveX Control Remote Code Execution (MS13-029) protection found in the Protection section of CPAI-2013-1643 has been applied.

Security Gateway R75 / R71 / R70

In the IPS tab, click Protections and find the Microsoft Windows RDP ActiveX Control Remote Code Execution (MS13-029) protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Windows RDP ActiveX Control Remote Code Execution (MS13-029)