Search criteria
28 vulnerabilities found for skype by skype_technologies
CVE-2008-1805 (GCVE-0-2008-1805)
Vulnerability from nvd – Published: 2008-06-06 22:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name": "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1805",
"datePublished": "2008-06-06T22:00:00",
"dateReserved": "2008-04-15T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2545 (GCVE-0-2008-2545)
Vulnerability from nvd – Published: 2008-06-06 22:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:29.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name": "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2545",
"datePublished": "2008-06-06T22:00:00",
"dateReserved": "2008-06-04T00:00:00",
"dateUpdated": "2024-08-07T09:05:29.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0583 (GCVE-0-2008-0583)
Vulnerability from nvd – Published: 2008-02-05 02:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:21.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"name": "http://skype.com/security/skype-sb-2008-001-update1.htm",
"refsource": "MISC",
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0583",
"datePublished": "2008-02-05T02:00:00",
"dateReserved": "2008-02-04T00:00:00",
"dateUpdated": "2024-08-07T07:54:21.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0582 (GCVE-0-2008-0582)
Vulnerability from nvd – Published: 2008-02-05 02:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:21.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/794236"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0582",
"datePublished": "2008-02-05T02:00:00",
"dateReserved": "2008-02-04T00:00:00",
"dateUpdated": "2024-08-07T07:54:21.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0454 (GCVE-0-2008-0454)
Vulnerability from nvd – Published: 2008-01-25 00:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the \"Add video to chat\" dialog, aka \"videomood XSS.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the \"Add video to chat\" dialog, aka \"videomood XSS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"name": "http://www.critical.lt/?opinions/show/1470",
"refsource": "MISC",
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"name": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"name": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"name": "http://skype.com/security/skype-sb-2008-001-update1.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"name": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html",
"refsource": "CONFIRM",
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"name": "http://skype.com/security/skype-sb-2008-001.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0454",
"datePublished": "2008-01-25T00:00:00",
"dateReserved": "2008-01-24T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5989 (GCVE-0-2007-5989)
Vulnerability from nvd – Published: 2007-12-13 21:00 – Updated: 2024-08-07 15:47
VLAI?
Summary
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-4110",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via \"short string values\" that result in heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-4110",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via \"short string values\" that result in heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4110",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"refsource": "OSVDB",
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26748"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5989",
"datePublished": "2007-12-13T21:00:00",
"dateReserved": "2007-11-14T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4429 (GCVE-0-2007-4429)
Vulnerability from nvd – Published: 2007-08-20 19:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3032"
},
{
"name": "http://en.securitylab.ru/poc/extra/301419.php",
"refsource": "MISC",
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"name": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html",
"refsource": "MISC",
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"name": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates",
"refsource": "MISC",
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"name": "http://www.securitylab.ru/news/301422.php",
"refsource": "MISC",
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"name": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html",
"refsource": "MISC",
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"name": "http://en.securitylab.ru/poc/301420.php",
"refsource": "MISC",
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4429",
"datePublished": "2007-08-20T19:00:00",
"dateReserved": "2007-08-20T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5084 (GCVE-0-2006-5084)
Vulnerability from nvd – Published: 2006-09-29 00:00 – Updated: 2024-08-07 19:41
VLAI?
Summary
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:03.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#202604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20218"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#202604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20218"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#202604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20218"
},
{
"name": "http://security-protocols.com/vids/skype_osx_0day.htm",
"refsource": "MISC",
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"name": "http://www.skype.com/security/skype-sb-2006-002.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"name": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259",
"refsource": "MISC",
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5084",
"datePublished": "2006-09-29T00:00:00",
"dateReserved": "2006-09-28T00:00:00",
"dateUpdated": "2024-08-07T19:41:03.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3267 (GCVE-0-2005-3267)
Vulnerability from nvd – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-client-udp-bo(22850)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-client-udp-bo(22850)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-client-udp-bo(22850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "http://skype.com/security/skype-sb-2005-03.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3267",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-20T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3265 (GCVE-0-2005-3265)
Vulnerability from nvd – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pentest.co.uk/documents/ptl-2005-01.html",
"refsource": "MISC",
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15190"
},
{
"name": "http://skype.com/security/skype-sb-2005-02.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3265",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-20T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2300 (GCVE-0-2005-2300)
Vulnerability from nvd – Published: 2005-07-19 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"name": "http://www.zone-h.org/advisories/read/id=7808",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2300",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-07T22:22:47.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1407 (GCVE-0-2005-1407)
Vulnerability from nvd – Published: 2005-05-03 04:00 – Updated: 2024-08-07 21:51
VLAI?
Summary
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:48.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:37:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/security/ssa-2005-01.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1407",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:48.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1114 (GCVE-0-2004-1114)
Vulnerability from nvd – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
VLAI?
Summary
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/products/skype/windows/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"name": "http://www.skype.com/security/ssa-2004-02.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1114",
"datePublished": "2004-12-01T05:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1777 (GCVE-0-2004-1777)
Vulnerability from nvd – Published: 2005-05-03 04:00 – Updated: 2024-08-08 01:00
VLAI?
Summary
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A \"range check error\" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"range check error\" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/security/ssa-2004-01.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"refsource": "BUGTRAQ",
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1777",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1805 (GCVE-0-2008-1805)
Vulnerability from cvelistv5 – Published: 2008-06-06 22:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30547"
},
{
"name": "ADV-2008-1749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name": "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1805",
"datePublished": "2008-06-06T22:00:00",
"dateReserved": "2008-04-15T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2545 (GCVE-0-2008-2545)
Vulnerability from cvelistv5 – Published: 2008-06-06 22:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:29.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020201"
},
{
"name": "30547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30547"
},
{
"name": "skype-fileuri-case-security-bypass(43044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43044"
},
{
"name": "ADV-2008-1749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1749/references"
},
{
"name": "29553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29553"
},
{
"name": "20080604 Skype File URI Security Bypass Code Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711"
},
{
"name": "http://www.skype.com/security/skype-sb-2008-003.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2008-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2545",
"datePublished": "2008-06-06T22:00:00",
"dateReserved": "2008-06-04T00:00:00",
"dateUpdated": "2024-08-07T09:05:29.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0583 (GCVE-0-2008-0583)
Vulnerability from cvelistv5 – Published: 2008-02-05 02:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:21.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) \"Add video to chat\" or (2) \"Add video to mood\" dialog, a different vector than CVE-2008-0454."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#794236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/794236"
},
{
"name": "http://skype.com/security/skype-sb-2008-001-update1.htm",
"refsource": "MISC",
"url": "http://skype.com/security/skype-sb-2008-001-update1.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0583",
"datePublished": "2008-02-05T02:00:00",
"dateReserved": "2008-02-04T00:00:00",
"dateUpdated": "2024-08-07T07:54:21.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0582 (GCVE-0-2008-0582)
Vulnerability from cvelistv5 – Published: 2008-02-05 02:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:21.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/794236"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "20080131 Attackers can SkypeFind you",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487370/100/0/threaded"
},
{
"name": "VU#794236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/794236"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0582",
"datePublished": "2008-02-05T02:00:00",
"dateReserved": "2008-02-04T00:00:00",
"dateUpdated": "2024-08-07T07:54:21.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0454 (GCVE-0-2008-0454)
Vulnerability from cvelistv5 – Published: 2008-01-25 00:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the \"Add video to chat\" dialog, aka \"videomood XSS.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the \"Add video to chat\" dialog, aka \"videomood XSS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"name": "http://www.critical.lt/?opinions/show/1470",
"refsource": "MISC",
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"name": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"name": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"name": "http://skype.com/security/skype-sb-2008-001-update1.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"name": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html",
"refsource": "CONFIRM",
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"name": "http://skype.com/security/skype-sb-2008-001.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0454",
"datePublished": "2008-01-25T00:00:00",
"dateReserved": "2008-01-24T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5989 (GCVE-0-2007-5989)
Vulnerability from cvelistv5 – Published: 2007-12-13 21:00 – Updated: 2024-08-07 15:47
VLAI?
Summary
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-4110",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via \"short string values\" that result in heap corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-4110",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via \"short string values\" that result in heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4110",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4110"
},
{
"name": "1019056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019056"
},
{
"name": "27934",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27934"
},
{
"name": "3440",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3440"
},
{
"name": "20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484703/100/0/threaded"
},
{
"name": "39170",
"refsource": "OSVDB",
"url": "http://osvdb.org/39170"
},
{
"name": "26748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26748"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-070.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5989",
"datePublished": "2007-12-13T21:00:00",
"dateReserved": "2007-11-14T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4429 (GCVE-0-2007-4429)
Vulnerability from cvelistv5 – Published: 2007-08-20 19:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070820 Re: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded"
},
{
"name": "20070820 Re[2]: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded"
},
{
"name": "3032",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3032"
},
{
"name": "http://en.securitylab.ru/poc/extra/301419.php",
"refsource": "MISC",
"url": "http://en.securitylab.ru/poc/extra/301419.php"
},
{
"name": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html",
"refsource": "MISC",
"url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html"
},
{
"name": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates",
"refsource": "MISC",
"url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates"
},
{
"name": "http://www.securitylab.ru/news/301422.php",
"refsource": "MISC",
"url": "http://www.securitylab.ru/news/301422.php"
},
{
"name": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html",
"refsource": "MISC",
"url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html"
},
{
"name": "http://en.securitylab.ru/poc/301420.php",
"refsource": "MISC",
"url": "http://en.securitylab.ru/poc/301420.php"
},
{
"name": "20070820 RE: Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded"
},
{
"name": "20070817 Skype Network Remote DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4429",
"datePublished": "2007-08-20T19:00:00",
"dateReserved": "2007-08-20T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5084 (GCVE-0-2006-5084)
Vulnerability from cvelistv5 – Published: 2006-09-29 00:00 – Updated: 2024-08-07 19:41
VLAI?
Summary
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:03.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#202604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20218"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#202604",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20218"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#202604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/202604"
},
{
"name": "22185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22185/"
},
{
"name": "ADV-2006-3895",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3895"
},
{
"name": "1016966",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016966"
},
{
"name": "20218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20218"
},
{
"name": "http://security-protocols.com/vids/skype_osx_0day.htm",
"refsource": "MISC",
"url": "http://security-protocols.com/vids/skype_osx_0day.htm"
},
{
"name": "http://www.skype.com/security/skype-sb-2006-002.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/skype-sb-2006-002.html"
},
{
"name": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259",
"refsource": "MISC",
"url": "http://www.security-protocols.com/modules.php?name=News\u0026file=article\u0026sid=3259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5084",
"datePublished": "2006-09-29T00:00:00",
"dateReserved": "2006-09-28T00:00:00",
"dateUpdated": "2024-08-07T19:41:03.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3267 (GCVE-0-2005-3267)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "skype-client-udp-bo(22850)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "skype-client-udp-bo(22850)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-client-udp-bo(22850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22850"
},
{
"name": "17305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "http://skype.com/security/skype-sb-2005-03.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2005-03.html"
},
{
"name": "20051025 Skype security advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113026202728568\u0026w=2"
},
{
"name": "20306",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20306"
},
{
"name": "ADV-2005-2197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#905177",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/905177"
},
{
"name": "15192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15192"
},
{
"name": "115",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3267",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-20T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3265 (GCVE-0-2005-3265)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pentest.co.uk/documents/ptl-2005-01.html",
"refsource": "MISC",
"url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
},
{
"name": "VU#668193",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/668193"
},
{
"name": "17305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17305/"
},
{
"name": "ADV-2005-2197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2197"
},
{
"name": "VU#930345",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15190"
},
{
"name": "http://skype.com/security/skype-sb-2005-02.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3265",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-20T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2300 (GCVE-0-2005-2300)
Vulnerability from cvelistv5 – Published: 2005-07-19 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16105"
},
{
"name": "20050716 [ZH2005-16SA] Insecure temporary file creation in Skype for Linux",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112156036013818\u0026w=2"
},
{
"name": "http://www.zone-h.org/advisories/read/id=7808",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=7808"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2300",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-07T22:22:47.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1407 (GCVE-0-2005-1407)
Vulnerability from cvelistv5 – Published: 2005-05-03 04:00 – Updated: 2024-08-07 21:51
VLAI?
Summary
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:48.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:37:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/security/ssa-2005-01.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2005-01.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1407",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:48.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1777 (GCVE-0-2004-1777)
Vulnerability from cvelistv5 – Published: 2005-05-03 04:00 – Updated: 2024-08-08 01:00
VLAI?
Summary
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A \"range check error\" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"range check error\" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/security/ssa-2004-01.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2004-01.html"
},
{
"name": "20040615 Skype URI callto username overflow",
"refsource": "BUGTRAQ",
"url": "http://lists.virus.org/bugtraq-0406/msg00221.html"
},
{
"name": "1010490",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010490"
},
{
"name": "11860",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1777",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1114 (GCVE-0-2004-1114)
Vulnerability from cvelistv5 – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
VLAI?
Summary
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.skype.com/products/skype/windows/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/products/skype/windows/changelog.html"
},
{
"name": "http://www.skype.com/security/ssa-2004-02.html",
"refsource": "CONFIRM",
"url": "http://www.skype.com/security/ssa-2004-02.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html"
},
{
"name": "20041116 Skype callto:// BoF technical details",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110062240706017\u0026w=2"
},
{
"name": "20041115 Re: Skype callto:// BoF technical details",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110067029422696\u0026w=2"
},
{
"name": "11682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11682"
},
{
"name": "11786",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11786"
},
{
"name": "skype-callto-uri-bo(18063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18063"
},
{
"name": "13191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1114",
"datePublished": "2004-12-01T05:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}