CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24003
https://notcve.org/view.php?id=CVE-2020-24003
11 Jan 2021 — Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. Microsoft Skype versiones hasta 8.59.0.77 en macOS posee el derecho de deshabilitar la comprobación de la biblioteca, que permite a un proceso local (con los privilegios del usuario) conseguir acceso no solicitado al... • https://www.hdwsec.fr/blog/20200608-skype •
CVSS: 9.3EPSS: 1%CPEs: 151EXPL: 2CVE-2010-3136 – Skype 4.2.0.169 - 'wab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3136
26 Aug 2010 — Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file. Vulnerabilidad de búsqueda en ruta no confiable en Skype v4.2.0.169 y anteriores, permite a usuarios locales y posiblemente atacantes remotos, la ejecución de código de su elección y llevar a cabo ataques de secuestro de DLL a través de un troyano wab3... • https://www.exploit-db.com/exploits/14766 •
CVSS: 10.0EPSS: 0%CPEs: 144EXPL: 0CVE-2009-4741
https://notcve.org/view.php?id=CVE-2009-4741
26 Mar 2010 — Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors. Vulnerabilidad no específica en Extras Manager anteriores a v2.0.0.67 en Skype anteriores a v4.1.0.179 en Windows, tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/37012 •
CVSS: 9.8EPSS: 1%CPEs: 43EXPL: 0CVE-2008-2545
https://notcve.org/view.php?id=CVE-2008-2545
06 Jun 2008 — Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. Skype 3.6.0.248 y otras versiones anteriores a 3.8.0.139, utiliza comparaciones sensibles a mayúsculas y minúsculas cuando revisa extensiones peligrosas, las cuales permiten a atacantes remotos asistidos por ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 43EXPL: 0CVE-2008-1805 – iDEFENSE Security Advisory 2008-06-04.2
https://notcve.org/view.php?id=CVE-2008-1805
05 Jun 2008 — Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist. Vulnerabilidad de lista negra incompleta en Skype 3.6.0.248 y otras versiones anteriores a 3.8.0.139; permite a atacantes remotos con la ayuda del usuario evitar los diálogos de aviso y posibilita la ejecución de código de su ele... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 41%CPEs: 5EXPL: 0CVE-2008-0454
https://notcve.org/view.php?id=CVE-2008-0454
25 Jan 2008 — Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." Vulnerabilidad de secuencias de comandos en zonas cruzadas en el control web In... • http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 27%CPEs: 1EXPL: 1CVE-2006-5084 – Skype Technologies Skype 1.5 - NSRunAlertPanel Remote Format String
https://notcve.org/view.php?id=CVE-2006-5084
29 Sep 2006 — Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. Vulnerabilidad de formato de cadena en la función NSRunAlertPanel en eBay Skype para Mac 1.5.*.79 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemen... • https://www.exploit-db.com/exploits/28710 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 4%CPEs: 3EXPL: 0CVE-2006-2312
https://notcve.org/view.php?id=CVE-2006-2312
19 May 2006 — Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. • http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 10.0EPSS: 18%CPEs: 18EXPL: 1CVE-2005-3267
https://notcve.org/view.php?id=CVE-2005-3267
27 Oct 2005 — Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow. • http://marc.info/?l=bugtraq&m=113026202728568&w=2 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-2300
https://notcve.org/view.php?id=CVE-2005-2300
19 Jul 2005 — Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file. Skype 1.1.0.20 y anteriores permite que usuarios locales sobreescriban ficheros arbitrarios mediante un ataque de enlaces simbólicos en el fichero temporal "skype_profile.jpg". • http://marc.info/?l=bugtraq&m=112156036013818&w=2 •