CVE-2012-1849

Name of the Vulnerable Software and Affected Versions Microsoft Lync versions 2010 Microsoft Lync Attendee version 2010 Microsoft Lync Attendant version 2010

Description The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. This can be demonstrated by a directory that contains a .ocsmeet file.

Recommendations For Microsoft Lync 2010, consider restricting access to untrusted directories to minimize the risk of exploitation. For Microsoft Lync Attendee 2010, avoid using untrusted search paths until the issue is resolved. For Microsoft Lync Attendant 2010, as a temporary workaround, consider disabling the loading of DLLs from the current working directory until a patch is available.