CVSS: 6.8EPSS: 87%CPEs: 18EXPL: 0CVE-2007-5989 – Skype URI Handler Remote Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-5989
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. Vulnerabilidad no especificada en el manejador de URIs skype4com anterior a 3.6 GOLD permite a atacantes remotos ejecutar código de su elección mediante "valores de cadena cortos" que provocan una corrupción del montículo (heap). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the 'skype4com' URI handler created by Skype during installation. When processing short string values through this handler an exploitable memory corruption may occur which can result in arbitrary code execution under the context of the current user. • http://osvdb.org/39170 http://secunia.com/advisories/27934 http://securityreason.com/securityalert/3440 http://securitytracker.com/id?1019056 http://www.securityfocus.com/archive/1/484703/100/0/threaded http://www.securityfocus.com/bid/26748 http://www.vupen.com/english/advisories/2007/4110 http://www.zerodayinitiative.com/advisories/ZDI-07-070.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 1CVE-2007-4429
https://notcve.org/view.php?id=CVE-2007-4429
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem. Una vulnerabilidad no especificada en Skype, permite a atacantes remotos causar una denegación de servicio (suspensión del servidor) por medio de vectores desconocidos relacionados a el envío de URIs largos, como es afirmado para ser explotados activamente en 20070817 usando una "call to a specific number." • http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates http://en.securitylab.ru/poc/301420.php http://en.securitylab.ru/poc/extra/301419.php http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html http://securityreason.com/securityalert/3032 http://www.securityfocus.com/archive/1/476942/100/0/threaded http://www.securityfocus.com/archive/1/477156/100/0/threaded http:/ •
CVSS: 7.5EPSS: 23%CPEs: 1EXPL: 1CVE-2006-5084 – Skype Technologies Skype 1.5 - NSRunAlertPanel Remote Format String
https://notcve.org/view.php?id=CVE-2006-5084
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. Vulnerabilidad de formato de cadena en la función NSRunAlertPanel en eBay Skype para Mac 1.5.*.79 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario a través de una URL de Skype mal formada, como se reportó originalmente para involucrar una referencia null. • https://www.exploit-db.com/exploits/28710 http://secunia.com/advisories/22185 http://security-protocols.com/vids/skype_osx_0day.htm http://securitytracker.com/id?1016966 http://www.kb.cert.org/vuls/id/202604 http://www.security-protocols.com/modules.php?name=News&file=article&sid=3259 http://www.securityfocus.com/bid/20218 http://www.skype.com/security/skype-sb-2006-002.html http://www.vupen.com/english/advisories/2006/3895 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 23%CPEs: 18EXPL: 0CVE-2005-3265
https://notcve.org/view.php?id=CVE-2005-3265
Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine. • http://secunia.com/advisories/17305 http://skype.com/security/skype-sb-2005-02.html http://www.kb.cert.org/vuls/id/668193 http://www.kb.cert.org/vuls/id/930345 http://www.pentest.co.uk/documents/ptl-2005-01.html http://www.securityfocus.com/bid/15190 http://www.vupen.com/english/advisories/2005/2197 https://exchange.xforce.ibmcloud.com/vulnerabilities/22848 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 18EXPL: 1CVE-2005-3267
https://notcve.org/view.php?id=CVE-2005-3267
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow. • http://marc.info/?l=bugtraq&m=113026202728568&w=2 http://secunia.com/advisories/17305 http://securityreason.com/securityalert/115 http://skype.com/security/skype-sb-2005-03.html http://www.kb.cert.org/vuls/id/905177 http://www.osvdb.org/20306 http://www.securityfocus.com/bid/15192 http://www.vupen.com/english/advisories/2005/2197 https://exchange.xforce.ibmcloud.com/vulnerabilities/22850 • CWE-189: Numeric Errors •