<< Back
CVE Number Vulnerability Product Severity Date
MS12-039 Vulnerabilities in Lync Could Allow Remote Code Execution (2707956) Microsoft Communicator Important 13-06-2012

Technical Information

Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Lync. The most severe vulnerabilities could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that affected components handle shared content that contains specially crafted TrueType fonts. The vulnerability could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of an affected system.


Further information on this exploit is available at : MS12-039

Affected Software

Microsoft Communicator 2007 R2
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 Attendee
Microsoft Lync 2010 Attendant (32-bit)
Microsoft Lync 2010 Attendant (64-bit)