All the vulnerabilites related to Microsoft - Skype
cve-2017-6517
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-05 15:33
Severity ?
Summary
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:33:19.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20170316 Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Mar/44"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/tiger_tigerboy/status/755332687141883904"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/vysecurity/status/845013670103003138"
          },
          {
            "name": "96969",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96969"
          },
          {
            "name": "1038209",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038209"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://technet.microsoft.com/security/cc308575.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker\u0027s choosing that could execute arbitrary code without the user\u0027s knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20170316 Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Mar/44"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/tiger_tigerboy/status/755332687141883904"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/vysecurity/status/845013670103003138"
        },
        {
          "name": "96969",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96969"
        },
        {
          "name": "1038209",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038209"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://technet.microsoft.com/security/cc308575.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-6517",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker\u0027s choosing that could execute arbitrary code without the user\u0027s knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170316 Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Mar/44"
            },
            {
              "name": "https://twitter.com/tiger_tigerboy/status/755332687141883904",
              "refsource": "MISC",
              "url": "https://twitter.com/tiger_tigerboy/status/755332687141883904"
            },
            {
              "name": "https://twitter.com/vysecurity/status/845013670103003138",
              "refsource": "MISC",
              "url": "https://twitter.com/vysecurity/status/845013670103003138"
            },
            {
              "name": "96969",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96969"
            },
            {
              "name": "1038209",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038209"
            },
            {
              "name": "https://technet.microsoft.com/security/cc308575.aspx",
              "refsource": "CONFIRM",
              "url": "https://technet.microsoft.com/security/cc308575.aspx"
            },
            {
              "name": "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-6517",
    "datePublished": "2017-03-23T20:00:00",
    "dateReserved": "2017-03-07T00:00:00",
    "dateUpdated": "2024-08-05T15:33:19.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8311
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity ?
Summary
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
References
Impacted products
Vendor Product Version
Microsoft Microsoft Lync Version: 2013 Service Pack 1 (32-bit)
Version: 2013 Service Pack 1 (64-bit)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:35.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104624",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104624"
          },
          {
            "name": "1041259",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041259"
          },
          {
            "name": "1041260",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Business 2016 (32-bit)"
            },
            {
              "status": "affected",
              "version": "Business 2016 (64-bit)"
            }
          ]
        },
        {
          "product": "Microsoft Lync",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit)"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "104624",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104624"
        },
        {
          "name": "1041259",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041259"
        },
        {
          "name": "1041260",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8311",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Business 2016 (32-bit)"
                          },
                          {
                            "version_value": "Business 2016 (64-bit)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Lync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013 Service Pack 1 (32-bit)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104624",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104624"
            },
            {
              "name": "1041259",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041259"
            },
            {
              "name": "1041260",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041260"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8311",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:35.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8238
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:46
Severity ?
Summary
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
Impacted products
Vendor Product Version
Microsoft Microsoft Lync Version: 2013 Service Pack 1 (32-bit)
Version: 2013 Service Pack 1 (64-bit)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104619",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104619"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Business 2016 (32-bit)"
            },
            {
              "status": "affected",
              "version": "Business 2016 (64-bit)"
            }
          ]
        },
        {
          "product": "Microsoft Lync",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit)"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "104619",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104619"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Business 2016 (32-bit)"
                          },
                          {
                            "version_value": "Business 2016 (64-bit)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Lync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013 Service Pack 1 (32-bit)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104619",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104619"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8238",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24003
Vulnerability from cvelistv5
Published
2021-01-11 15:26
Modified
2024-08-04 15:05
Severity ?
Summary
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
References
https://www.hdwsec.fr/blog/20200608-skype/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:05:11.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.hdwsec.fr/blog/20200608-skype/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user\u0027s privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client\u0027s microphone and camera access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-11T15:26:26",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.hdwsec.fr/blog/20200608-skype/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-24003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user\u0027s privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client\u0027s microphone and camera access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.hdwsec.fr/blog/20200608-skype/",
              "refsource": "MISC",
              "url": "https://www.hdwsec.fr/blog/20200608-skype/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-24003",
    "datePublished": "2021-01-11T15:26:26",
    "dateReserved": "2020-08-13T00:00:00",
    "dateUpdated": "2024-08-04T15:05:11.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0595
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
Summary
Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
          },
          {
            "name": "JVN#91151862",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN91151862/index.html"
          },
          {
            "name": "104563",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104563"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "The installer of Skype for Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-28T09:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
        },
        {
          "name": "JVN#91151862",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN91151862/index.html"
        },
        {
          "name": "104563",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104563"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0595",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "The installer of Skype for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
              "refsource": "MISC",
              "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
            },
            {
              "name": "JVN#91151862",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN91151862/index.html"
            },
            {
              "name": "104563",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104563"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0595",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8546
Vulnerability from cvelistv5
Published
2018-11-14 01:00
Modified
2024-08-05 07:02
Severity ?
Summary
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
Impacted products
Vendor Product Version
Microsoft Microsoft Office Version: 2019 for 32-bit editions
Version: 2019 for 64-bit editions
Microsoft Office Version: 365 ProPlus for 32-bit Systems
Version: 365 ProPlus for 64-bit Systems
Microsoft Microsoft Lync Version: 2013 Service Pack 1 (32-bit)
Version: 2013 Service Pack 1 (64-bit)
Version: Basic 2013 Service Pack 1 (32-bit)
Version: Basic 2013 Service Pack 1 (64-bit)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:02:25.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
          },
          {
            "name": "105802",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105802"
          },
          {
            "name": "1042125",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042125"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Business 2016 (32-bit)"
            },
            {
              "status": "affected",
              "version": "Business 2016 (64-bit)"
            },
            {
              "status": "affected",
              "version": "Business 2016 Basic (32-bit)"
            },
            {
              "status": "affected",
              "version": "Business 2016 Basic (64-bit)"
            }
          ]
        },
        {
          "product": "Microsoft Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019 for 32-bit editions"
            },
            {
              "status": "affected",
              "version": "2019 for 64-bit editions"
            }
          ]
        },
        {
          "product": "Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "365 ProPlus for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "365 ProPlus for 64-bit Systems"
            }
          ]
        },
        {
          "product": "Microsoft Lync",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit)"
            },
            {
              "status": "affected",
              "version": "Basic 2013 Service Pack 1 (32-bit)"
            },
            {
              "status": "affected",
              "version": "Basic 2013 Service Pack 1 (64-bit)"
            }
          ]
        }
      ],
      "datePublic": "2018-11-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-14T10:57:02",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
        },
        {
          "name": "105802",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105802"
        },
        {
          "name": "1042125",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042125"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Business 2016 (32-bit)"
                          },
                          {
                            "version_value": "Business 2016 (64-bit)"
                          },
                          {
                            "version_value": "Business 2016 Basic (32-bit)"
                          },
                          {
                            "version_value": "Business 2016 Basic (64-bit)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019 for 32-bit editions"
                          },
                          {
                            "version_value": "2019 for 64-bit editions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "365 ProPlus for 32-bit Systems"
                          },
                          {
                            "version_value": "365 ProPlus for 64-bit Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Lync",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013 Service Pack 1 (32-bit)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit)"
                          },
                          {
                            "version_value": "Basic 2013 Service Pack 1 (32-bit)"
                          },
                          {
                            "version_value": "Basic 2013 Service Pack 1 (64-bit)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
            },
            {
              "name": "105802",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105802"
            },
            {
              "name": "1042125",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042125"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8546",
    "datePublished": "2018-11-14T01:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T07:02:25.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0932
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
Summary
An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:59.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0932"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "8.35 when installed on Android Devices"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists in Skype for Android, aka \u0027Skype for Android Information Disclosure Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-16T18:17:02",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0932"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0932",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.35 when installed on Android Devices"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists in Skype for Android, aka \u0027Skype for Android Information Disclosure Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0932",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0932"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0932",
    "datePublished": "2019-05-16T18:17:02",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:59.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0622
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2024-08-04 17:51
Severity ?
Summary
An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:27.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106465",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106465"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0622"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "8.35 when installed on Android Devices"
            }
          ]
        }
      ],
      "datePublic": "2019-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka \"Skype for Android Elevation of Privilege Vulnerability.\" This affects Skype 8.35."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "106465",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106465"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0622"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0622",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.35 when installed on Android Devices"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka \"Skype for Android Elevation of Privilege Vulnerability.\" This affects Skype 8.35."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106465",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106465"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0622",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0622"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0622",
    "datePublished": "2019-01-08T21:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:51:27.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5720
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 01:08
Severity ?
Summary
Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory.
References
http://seclists.org/fulldisclosure/2016/Sep/65mailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/bid/95859vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:08:00.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160927 skype installer dll hijacking vulnerability - CVE-2016-5720",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Sep/65"
          },
          {
            "name": "95859",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95859"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-31T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20160927 skype installer dll hijacking vulnerability - CVE-2016-5720",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Sep/65"
        },
        {
          "name": "95859",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95859"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5720",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160927 skype installer dll hijacking vulnerability - CVE-2016-5720",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Sep/65"
            },
            {
              "name": "95859",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95859"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5720",
    "datePublished": "2017-01-23T21:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:08:00.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0594
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
Summary
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
          },
          {
            "name": "JVN#91151862",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN91151862/index.html"
          },
          {
            "name": "104563",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104563"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype for Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-28T09:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
        },
        {
          "name": "JVN#91151862",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN91151862/index.html"
        },
        {
          "name": "104563",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104563"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
              "refsource": "MISC",
              "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
            },
            {
              "name": "JVN#91151862",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN91151862/index.html"
            },
            {
              "name": "104563",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104563"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0594",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9948
Vulnerability from cvelistv5
Published
2017-06-26 14:00
Modified
2024-08-05 17:24
Severity ?
Summary
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:24:59.844Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99281",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99281"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vulnerability-lab.com/get_content.php?id=2071"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vulnerability-lab.com/get_content.php?id=2084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zero-day-vulnerability-uncovered-microsoft-skype-v72-v735"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-29T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "99281",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99281"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vulnerability-lab.com/get_content.php?id=2071"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vulnerability-lab.com/get_content.php?id=2084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zero-day-vulnerability-uncovered-microsoft-skype-v72-v735"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9948",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99281",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99281"
            },
            {
              "name": "https://www.vulnerability-lab.com/get_content.php?id=2071",
              "refsource": "MISC",
              "url": "https://www.vulnerability-lab.com/get_content.php?id=2071"
            },
            {
              "name": "https://www.vulnerability-lab.com/get_content.php?id=2084",
              "refsource": "MISC",
              "url": "https://www.vulnerability-lab.com/get_content.php?id=2084"
            },
            {
              "name": "https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zero-day-vulnerability-uncovered-microsoft-skype-v72-v735",
              "refsource": "MISC",
              "url": "https://www.vulnerability-db.com/?q=articles/2017/05/28/stack-buffer-overflow-zero-day-vulnerability-uncovered-microsoft-skype-v72-v735"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9948",
    "datePublished": "2017-06-26T14:00:00",
    "dateReserved": "2017-06-26T00:00:00",
    "dateUpdated": "2024-08-05T17:24:59.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0624
Vulnerability from cvelistv5
Published
2019-01-17 18:00
Modified
2024-08-04 17:51
Severity ?
Summary
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:26.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
          },
          {
            "name": "106663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106663"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Business Server 2015 CU 8"
            }
          ]
        }
      ],
      "datePublic": "2019-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka \"Skype for Business 2015 Spoofing Vulnerability.\" This affects Skype."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-22T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
        },
        {
          "name": "106663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106663"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Business Server 2015 CU 8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka \"Skype for Business 2015 Spoofing Vulnerability.\" This affects Skype."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624"
            },
            {
              "name": "106663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106663"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0624",
    "datePublished": "2019-01-17T18:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:51:26.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}