Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by skype_technologies
CVE-2008-1805 (GCVE-0-2008-1805)
Vulnerability from cvelistv5 – Published: 2008-06-06 22:00 – Updated: 2024-08-07 08:32
VLAI
Summary
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020201 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/30547 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/1749… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/29553 | vdb-entryx_refsource_BID |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.skype.com/security/skype-sb-2008-003.html | x_refsource_CONFIRM |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name": "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1805",
"datePublished": "2008-06-06T22:00:00.000Z",
"dateReserved": "2008-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:32:01.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2545 (GCVE-0-2008-2545)
Vulnerability from cvelistv5 – Published: 2008-06-06 22:00 – Updated: 2024-08-07 09:05
VLAI
Summary
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020201 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/30547 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2008/1749… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/29553 | vdb-entryx_refsource_BID |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.skype.com/security/skype-sb-2008-003.html | x_refsource_CONFIRM |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:29.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name": "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2545",
"datePublished": "2008-06-06T22:00:00.000Z",
"dateReserved": "2008-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:05:29.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0582 (GCVE-0-2008-0582)
Vulnerability from cvelistv5 – Published: 2008-02-05 02:00 – Updated: 2024-08-07 07:54
VLAI
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://aviv.raffon.net/2008/01/31/AttackersCanSky… | x_refsource_MISC |
| http://www.securityfocus.com/bid/27338 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/487370/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.kb.cert.org/vuls/id/794236 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2008-01-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:21.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/794236"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0582",
"datePublished": "2008-02-05T02:00:00.000Z",
"dateReserved": "2008-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:21.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0583 (GCVE-0-2008-0583)
Vulnerability from cvelistv5 – Published: 2008-02-05 02:00 – Updated: 2024-08-07 07:54
VLAI
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://aviv.raffon.net/2008/01/22/NoMoreVideosFor… | x_refsource_MISC |
| http://www.securityfocus.com/bid/27338 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/794236 | third-party-advisoryx_refsource_CERT-VN |
| http://skype.com/security/skype-sb-2008-001-update1.htm | x_refsource_MISC |
Date Public
2008-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:21.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"name": "http://skype.com/security/skype-sb-2008-001-update1.htm",
"refsource": "MISC",
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0583",
"datePublished": "2008-02-05T02:00:00.000Z",
"dateReserved": "2008-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:21.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0454 (GCVE-0-2008-0454)
Vulnerability from cvelistv5 – Published: 2008-01-25 00:00 – Updated: 2024-08-07 07:46
VLAI
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.critical.lt/?opinions/show/1470 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/486512/100… | mailing-listx_refsource_BUGTRAQ |
| http://aviv.raffon.net/2008/01/17/SkypeCrosszoneS… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/27338 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/248184 | third-party-advisoryx_refsource_CERT-VN |
| http://www.gnucitizen.org/blog/vulnerabilities-in-skype | x_refsource_MISC |
| http://skype.com/security/skype-sb-2008-001-updat… | x_refsource_CONFIRM |
| http://share.skype.com/sites/security/2008/01/sky… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/0194 | vdb-entryx_refsource_VUPEN |
| http://skype.com/security/skype-sb-2008-001.html | x_refsource_CONFIRM |
Date Public
2008-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the \"Add video to chat\" dialog, aka \"videomood XSS.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the \"Add video to chat\" dialog, aka \"videomood XSS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"name": "http://www.critical.lt/?opinions/show/1470",
"refsource": "MISC",
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"name": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"name": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"name": "http://skype.com/security/skype-sb-2008-001-update1.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"name": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html",
"refsource": "CONFIRM",
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"name": "http://skype.com/security/skype-sb-2008-001.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0454",
"datePublished": "2008-01-25T00:00:00.000Z",
"dateReserved": "2008-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:54.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5989 (GCVE-0-2007-5989)
Vulnerability from cvelistv5 – Published: 2007-12-13 21:00 – Updated: 2024-08-07 15:47
VLAI
Summary
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/4110 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1019056 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/27934 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3440 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/484703/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/39170 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/26748 | vdb-entryx_refsource_BID |
| http://www.zerodayinitiative.com/advisories/ZDI-0… | x_refsource_MISC |
Date Public
2007-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-4110",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via \"short string values\" that result in heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-4110",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via \"short string values\" that result in heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4110",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"refsource": "OSVDB",
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26748"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5989",
"datePublished": "2007-12-13T21:00:00.000Z",
"dateReserved": "2007-11-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:47:00.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4429 (GCVE-0-2007-4429)
Vulnerability from cvelistv5 – Published: 2007-08-20 19:00 – Updated: 2024-08-07 14:53
VLAI
KEVIntel
Summary
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/477156/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/477240/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3032 | third-party-advisoryx_refsource_SREASON |
| http://en.securitylab.ru/poc/extra/301419.php | x_refsource_MISC |
| http://heartbeat.skype.com/2007/08/what_happened_… | x_refsource_MISC |
| http://blogs.csoonline.com/the_skype_mystery_why_… | x_refsource_MISC |
| http://www.securitylab.ru/news/301422.php | x_refsource_MISC |
| http://heartbeat.skype.com/2007/08/where_we_are_a… | x_refsource_MISC |
| http://en.securitylab.ru/poc/301420.php | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/477178/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/476942/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3032"
},
{
"name": "http://en.securitylab.ru/poc/extra/301419.php",
"refsource": "MISC",
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"name": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html",
"refsource": "MISC",
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"name": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates",
"refsource": "MISC",
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"name": "http://www.securitylab.ru/news/301422.php",
"refsource": "MISC",
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"name": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html",
"refsource": "MISC",
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"name": "http://en.securitylab.ru/poc/301420.php",
"refsource": "MISC",
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4429",
"datePublished": "2007-08-20T19:00:00.000Z",
"dateReserved": "2007-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5084 (GCVE-0-2006-5084)
Vulnerability from cvelistv5 – Published: 2006-09-29 00:00 – Updated: 2024-08-07 19:41
VLAI
Summary
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/202604 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/22185/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3895 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1016966 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/20218 | vdb-entryx_refsource_BID |
| http://security-protocols.com/vids/skype_osx_0day.htm | x_refsource_MISC |
| http://www.skype.com/security/skype-sb-2006-002.html | x_refsource_CONFIRM |
| http://www.security-protocols.com/modules.php?nam… | x_refsource_MISC |
Date Public
2006-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:03.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#202604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20218"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#202604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20218"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#202604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20218"
},
{
"name": "http://security-protocols.com/vids/skype_osx_0day.htm",
"refsource": "MISC",
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"name": "http://www.skype.com/security/skype-sb-2006-002.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"name": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259",
"refsource": "MISC",
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5084",
"datePublished": "2006-09-29T00:00:00.000Z",
"dateReserved": "2006-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:03.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2312 (GCVE-0-2006-2312)
Vulnerability from cvelistv5 – Published: 2006-05-19 21:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/18038 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/466428 | third-party-advisoryx_refsource_CERT-VN |
| http://www.vupen.com/english/advisories/2006/1871 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/434707/30/… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/25658 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/20154 | third-party-advisoryx_refsource_SECUNIA |
| http://www.skype.com/security/skype-sb-2006-001.html | x_refsource_CONFIRM |
Date Public
2006-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:29.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060521 Skype - URI Handler Command Switch Parsing",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
},
{
"name": "18038",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18038"
},
{
"name": "VU#466428",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/466428"
},
{
"name": "ADV-2006-1871",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1871"
},
{
"name": "skype-uri-handler-file-access(26557)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
},
{
"name": "20060521 Skype - URI Handler Command Switch Parsing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
},
{
"name": "25658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25658"
},
{
"name": "20154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20154"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2006-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060521 Skype - URI Handler Command Switch Parsing",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
},
{
"name": "18038",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18038"
},
{
"name": "VU#466428",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/466428"
},
{
"name": "ADV-2006-1871",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1871"
},
{
"name": "skype-uri-handler-file-access(26557)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
},
{
"name": "20060521 Skype - URI Handler Command Switch Parsing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
},
{
"name": "25658",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25658"
},
{
"name": "20154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20154"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2006-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060521 Skype - URI Handler Command Switch Parsing",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html"
},
{
"name": "18038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18038"
},
{
"name": "VU#466428",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/466428"
},
{
"name": "ADV-2006-1871",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1871"
},
{
"name": "skype-uri-handler-file-access(26557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26557"
},
{
"name": "20060521 Skype - URI Handler Command Switch Parsing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434707/30/4860/threaded"
},
{
"name": "25658",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25658"
},
{
"name": "20154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20154"
},
{
"name": "http://www.skype.com/security/skype-sb-2006-001.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2006-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2312",
"datePublished": "2006-05-19T21:00:00.000Z",
"dateReserved": "2006-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:29.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3267 (GCVE-0-2005-3267)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:01
VLAI
Summary
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/17305/ | third-party-advisoryx_refsource_SECUNIA |
| http://skype.com/security/skype-sb-2005-03.html | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=113026202728568&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/20306 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2005/2197 | vdb-entryx_refsource_VUPEN |
| http://www.kb.cert.org/vuls/id/905177 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/15192 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/115 | third-party-advisoryx_refsource_SREASON |
Date Public
2005-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-client-udp-bo(22850)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-client-udp-bo(22850)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-client-udp-bo(22850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "http://skype.com/security/skype-sb-2005-03.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3267",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:59.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3265 (GCVE-0-2005-3265)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:01
VLAI
Summary
Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.pentest.co.uk/documents/ptl-2005-01.html | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/668193 | third-party-advisoryx_refsource_CERT-VN |
| http://secunia.com/advisories/17305/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/2197 | vdb-entryx_refsource_VUPEN |
| http://www.kb.cert.org/vuls/id/930345 | third-party-advisoryx_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/15190 | vdb-entryx_refsource_BID |
| http://skype.com/security/skype-sb-2005-02.html | x_refsource_CONFIRM |
Date Public
2005-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pentest.co.uk/documents/ptl-2005-01.html",
"refsource": "MISC",
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15190"
},
{
"name": "http://skype.com/security/skype-sb-2005-02.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3265",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:59.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2300 (GCVE-0-2005-2300)
Vulnerability from cvelistv5 – Published: 2005-07-19 04:00 – Updated: 2024-08-07 22:22
VLAI
Summary
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/16105 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=112156036013818&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.zone-h.org/advisories/read/id=7808 | x_refsource_MISC |
Date Public
2005-07-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"name": "http://www.zone-h.org/advisories/read/id=7808",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2300",
"datePublished": "2005-07-19T04:00:00.000Z",
"dateReserved": "2005-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:22:47.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1777 (GCVE-0-2004-1777)
Vulnerability from cvelistv5 – Published: 2005-05-03 04:00 – Updated: 2024-08-08 01:00
VLAI
Summary
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.skype.com/security/ssa-2004-01.html | x_refsource_CONFIRM |
| http://lists.virus.org/bugtraq-0406/msg00221.html | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1010490 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/11860 | vdb-entryx_refsource_OSVDB |
Date Public
2004-06-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A \"range check error\" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"range check error\" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/security/ssa-2004-01.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"refsource": "BUGTRAQ",
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1777",
"datePublished": "2005-05-03T04:00:00.000Z",
"dateReserved": "2005-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:00:37.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1407 (GCVE-0-2005-1407)
Vulnerability from cvelistv5 – Published: 2005-05-03 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.skype.com/security/ssa-2005-01.html | x_refsource_CONFIRM |
Date Public
2005-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:48.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:37:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/security/ssa-2005-01.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1407",
"datePublished": "2005-05-03T04:00:00.000Z",
"dateReserved": "2005-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:48.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1114 (GCVE-0-2004-1114)
Vulnerability from cvelistv5 – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
VLAI
Summary
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.skype.com/products/skype/windows/chang… | x_refsource_CONFIRM |
| http://www.skype.com/security/ssa-2004-02.html | x_refsource_CONFIRM |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://marc.info/?l=bugtraq&m=110062240706017&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=110067029422696&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/11682 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/11786 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/13191 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2004-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/products/skype/windows/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"name": "http://www.skype.com/security/ssa-2004-02.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1114",
"datePublished": "2004-12-01T05:00:00.000Z",
"dateReserved": "2004-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:39:00.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}