CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24003
https://notcve.org/view.php?id=CVE-2020-24003
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. Microsoft Skype versiones hasta 8.59.0.77 en macOS posee el derecho de deshabilitar la comprobación de la biblioteca, que permite a un proceso local (con los privilegios del usuario) conseguir acceso no solicitado al micrófono y a la cámara al cargar una biblioteca diseñada y, por lo tanto, heredar el acceso al micrófono y la cámara del Cliente Skype • https://www.hdwsec.fr/blog/20200608-skype •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9948
https://notcve.org/view.php?id=CVE-2017-9948
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. Una vulnerabilidad buffer overflow en la pila -stack- ha sido descubierta en Microsoft Skype en su versiones 7.2, 7.35, y 7.36, anteriores a 7.37, que involucra la mala gestión del contenido del portapapeles remoto RDP dentro de la caja del mensaje. • http://www.securityfocus.com/bid/99281 https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zero-day-vulnerability-uncovered-microsoft-skype-v72-v735 https://www.vulnerability-lab.com/get_content.php?id=2071 https://www.vulnerability-lab.com/get_content.php?id=2084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 1CVE-2017-6517 – Skype 7.16.0.102 DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-6517
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process. Microsoft Skype 7.16.0.102 contiene una vulnerabilidad que podría permitir a un atacante remoto no autenticado ejecutar código arbitrario en el sistema de destino. Esta vulnerabilidad existe debido a la forma en que Skype carga los archivos .dll. • http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html http://seclists.org/fulldisclosure/2017/Mar/44 http://www.securityfocus.com/bid/96969 http://www.securitytracker.com/id/1038209 https://technet.microsoft.com/security/cc308575.aspx https://twitter.com/tiger_tigerboy/status/755332687141883904 https://twitter.com/vysecurity/status/845013670103003138 • CWE-427: Uncontrolled Search Path Element •