CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24003
https://notcve.org/view.php?id=CVE-2020-24003
11 Jan 2021 — Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. Microsoft Skype versiones hasta 8.59.0.77 en macOS posee el derecho de deshabilitar la comprobación de la biblioteca, que permite a un proceso local (con los privilegios del usuario) conseguir acceso no solicitado al... • https://www.hdwsec.fr/blog/20200608-skype •
CVSS: 5.9EPSS: 3%CPEs: 1EXPL: 0CVE-2019-0932
https://notcve.org/view.php?id=CVE-2019-0932
16 May 2019 — An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'. Existe una vulnerabilidad de revelación de información en Skype para Android, también se conoce como 'Skype for Android Information Disclosure Vulnerability'. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0932 •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0622
https://notcve.org/view.php?id=CVE-2019-0622
08 Jan 2019 — An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35. Existe una vulnerabilidad de elevación de privilegios cuando Skype para Andriod no gestiona adecuadamente las peticiones de autenticación específicas. Esto también se conoce como "Skype for Android Elevation of Privilege Vulnerability". Esto afecta a Skype 8.35. • http://www.securityfocus.com/bid/106465 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 0CVE-2017-9948
https://notcve.org/view.php?id=CVE-2017-9948
26 Jun 2017 — A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Una vulnerabilidad buffer overflow en la pila -stack- ha sido descubierta en Microsoft Skype en su versiones 7.2, 7.35, y 7.36, anteriores a 7.37, que involucra la mala gestión del contenido del portapapeles remoto RDP dentro de la caja del mensaje. • http://www.securityfocus.com/bid/99281 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 19%CPEs: 1EXPL: 2CVE-2017-6517 – Skype 7.16.0.102 DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-6517
15 Mar 2017 — Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process. Microsoft Skype 7.16.0.102 co... • https://packetstorm.news/files/id/141650 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 0CVE-2011-2074
https://notcve.org/view.php?id=CVE-2011-2074
10 May 2011 — Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. Vulnerabilidad no especificada en el cliente de Skype v5.x antes de v5.1.0.922 en Mac OS X permite a usuarios autenticados remotamente ejecutar código de su elección o causar una denegación de servicio (solicitud de bloqueo) a través de un mensaje manipulado. • http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html •
CVSS: 9.3EPSS: 1%CPEs: 151EXPL: 2CVE-2010-3136 – Skype 4.2.0.169 - 'wab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3136
26 Aug 2010 — Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file. Vulnerabilidad de búsqueda en ruta no confiable en Skype v4.2.0.169 y anteriores, permite a usuarios locales y posiblemente atacantes remotos, la ejecución de código de su elección y llevar a cabo ataques de secuestro de DLL a través de un troyano wab3... • https://www.exploit-db.com/exploits/14766 •
CVSS: 10.0EPSS: 0%CPEs: 144EXPL: 0CVE-2009-4741
https://notcve.org/view.php?id=CVE-2009-4741
26 Mar 2010 — Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors. Vulnerabilidad no específica en Extras Manager anteriores a v2.0.0.67 en Skype anteriores a v4.1.0.179 en Windows, tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/37012 •
CVSS: 9.8EPSS: 1%CPEs: 43EXPL: 0CVE-2008-2545
https://notcve.org/view.php?id=CVE-2008-2545
06 Jun 2008 — Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. Skype 3.6.0.248 y otras versiones anteriores a 3.8.0.139, utiliza comparaciones sensibles a mayúsculas y minúsculas cuando revisa extensiones peligrosas, las cuales permiten a atacantes remotos asistidos por ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 43EXPL: 0CVE-2008-1805 – iDEFENSE Security Advisory 2008-06-04.2
https://notcve.org/view.php?id=CVE-2008-1805
05 Jun 2008 — Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist. Vulnerabilidad de lista negra incompleta en Skype 3.6.0.248 y otras versiones anteriores a 3.8.0.139; permite a atacantes remotos con la ayuda del usuario evitar los diálogos de aviso y posibilita la ejecución de código de su ele... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711 • CWE-20: Improper Input Validation •