
CVE-2020-24003
https://notcve.org/view.php?id=CVE-2020-24003
11 Jan 2021 — Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. • https://www.hdwsec.fr/blog/20200608-skype •

CVE-2010-3136 – Skype 4.2.0.169 - 'wab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3136
26 Aug 2010 — Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file. • https://www.exploit-db.com/exploits/14766 •

CVE-2009-4741
https://notcve.org/view.php?id=CVE-2009-4741
26 Mar 2010 — Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors. • http://secunia.com/advisories/37012 •

CVE-2008-2545
https://notcve.org/view.php?id=CVE-2008-2545
06 Jun 2008 — Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711 • CWE-20: Improper Input Validation •

CVE-2008-1805 – iDEFENSE Security Advisory 2008-06-04.2
https://notcve.org/view.php?id=CVE-2008-1805
05 Jun 2008 — Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711 • CWE-20: Improper Input Validation •

CVE-2008-0454
https://notcve.org/view.php?id=CVE-2008-0454
25 Jan 2008 — Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." • http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2007-5989 – Skype URI Handler Remote Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-5989
06 Dec 2007 — Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installatio... • http://osvdb.org/39170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2006-5084 – Skype Technologies Skype 1.5 - NSRunAlertPanel Remote Format String
https://notcve.org/view.php?id=CVE-2006-5084
29 Sep 2006 — Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. • https://www.exploit-db.com/exploits/28710 • CWE-20: Improper Input Validation •

CVE-2006-2312
https://notcve.org/view.php?id=CVE-2006-2312
19 May 2006 — Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. • http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2005-3267
https://notcve.org/view.php?id=CVE-2005-3267
27 Oct 2005 — Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow. • http://marc.info/?l=bugtraq&m=113026202728568&w=2 • CWE-189: Numeric Errors •