Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| skype | skype | 1.0.0.1 |
| skype | skype | 0.92.0.12 |
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
CVSS 2.0
Severity: LOW
Problem Type: CWE-88,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| skype | skype | * |
Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| skype | skype | 1.3.0.60 |
| skype | skype | 0.93.0.18 |
| skype | skype | 3.8.0.115 |
| skype | skype | 1.0.0.10 |
| skype | skype | 3.5.0.178 |
| skype | skype | 3.8.0.154 |
| skype | skype | 0.93.1.1 |
| skype | skype | 3.2.0.148 |
| skype | skype | 0.95.0.25 |
| skype | skype | 3.5.0.107 |
| skype | skype | 0.97.0.3 |
| skype | skype | 3.0.0.154 |
| skype | skype | 1.1.0.6 |
| skype | skype | * |
| skype | skype | 4.0.0.155 |
| skype | skype | 0.98.0.68 |
| skype | skype | 3.0.0.137 |
| skype | skype | 4.1.0.130 |
| skype | skype | 0.98.0.28 |
| skype | skype | 3.0.0.214 |
| skype | skype | 3.0.0.198 |
| skype | skype | 4.0 |
| skype | skype | 3.2.0.152 |
| skype | skype | 4.0.0.168 |
| skype | skype | 1.1.0.79 |
| skype | skype | 2.0.0.107 |
| skype | skype | 3.8.0.188 |
| skype | skype | 2.5.0.126 |
| skype | skype | 0.94.0.19 |
| skype | skype | 2.6.0.81 |
| skype | skype | 3.2.0.145 |
| skype | skype | 3.2.0.115 |
| skype | skype | 3.8.0.180 |
| skype | skype | 0.97.0.1 |
| skype | skype | 4.0.0.216 |
| skype | skype | 1.2.0.37 |
| skype | skype | 4.0.0.181 |
| skype | skype | 1.3.0.48 |
| skype | skype | 4.0.0.206 |
| skype | skype | 2.0.0.103 |
| skype | skype | 3.2.0.175 |
| skype | skype | 4.0.0.166 |
| skype | skype | 3.1.0.147 |
| skype | skype | 3.5.0.239 |
| skype | skype | 3.0.0.217 |
| skype | skype | 3.6.0.216 |
| skype | skype | 4.0.0.226 |
| skype | skype | 2.6.0.103 |
| skype | skype | 4.0.0.145 |
| skype | skype | 3.8.0.139 |
| skype | skype | 1.4.0.78 |
| skype | skype | 3.8.0.144 |
| skype | skype | 4.0.0.161 |
| skype | skype | 1.3.0.57 |
| skype | skype | 3.1.0.150 |
| skype | skype | 0.96.0.3 |
| skype | skype | 3.0.0.216 |
| skype | skype | 3.1.0.152 |
| skype | skype | 1.0.0.97 |
| skype | skype | 2.5.0.141 |
| skype | skype | 1.3.0.51 |
| skype | skype | 2.0.0.105 |
| skype | skype | 2.5.0.82 |
| skype | skype | 1.3.0.45 |
| skype | skype | 1.4.0.71 |
| skype | skype | 2.0.0.97 |
| skype | skype | 2.6.0.97 |
| skype | skype | 1.0.0.100 |
| skype | skype | 3.6.0.159 |
| skype | skype | 2.0.0.79 |
| skype | skype | 2.6.0.67 |
| skype | skype | 3.0.0.123 |
| skype | skype | 3.2.0.53 |
| skype | skype | 3.2.0.158 |
| skype | skype | 3.5.0.234 |
| skype | skype | 3.6.0.244 |
| skype | skype | 3.6.0.248 |
| skype | skype | 0.95.0.40 |
| skype | skype | 2.5.0.122 |
| skype | skype | 0.91.0.2 |
| skype | skype | 4.0.0.176 |
| skype | skype | 0.95.0.11 |
| skype | skype | 0.90.0.5 |
| skype | skype | 2.5.0.130 |
| skype | skype | 1.0.0.18 |
| skype | skype | 1.3.0.66 |
| skype | skype | 1.0.0.9 |
| skype | skype | 3.5.0.229 |
| skype | skype | 3.0.0.218 |
| skype | skype | 2.6.0.74 |
| skype | skype | 4.0.0.150 |
| skype | skype | 0.95.0.36 |
| skype | skype | 1.2.0.41 |
| skype | skype | 4.1.0.141 |
| skype | skype | 3.6.0.127 |
| skype | skype | 0.98.0.6 |
| skype | skype | 0.96.0.1 |
| skype | skype | 2.0.0.73 |
| skype | skype | 3.2.0.63 |
| skype | skype | 3.5.0.158 |
| skype | skype | 0.92.0.4 |
| skype | skype | 0.90.0.10 |
| skype | skype | 2.5.0.72 |
| skype | skype | 3.0.0.205 |
| skype | skype | 4.1.0.136 |
| skype | skype | 3.0.0.106 |
| skype | skype | 3.1.0.144 |
| skype | skype | 2.0.0.90 |
| skype | skype | 3.1.0.112 |
| skype | skype | 4.0.0.169 |
| skype | skype | 1.0.0.94 |
| skype | skype | 2.5.0.154 |
| skype | skype | 3.0.0.190 |
| skype | skype | 1.1.0.73 |
| skype | skype | 1.0.0.106 |
| skype | skype | 1.4.0.84 |
| skype | skype | 0.98.0.42 |
| skype | skype | 1.0.0.29 |
| skype | skype | 1.3.0.54 |
| skype | skype | 4.0.0.227 |
| skype | skype | 2.5.0.91 |
| skype | skype | 2.5.0.137 |
| skype | skype | 2.5.0.151 |
| skype | skype | 3.5.0.214 |
| skype | skype | 2.5.0.113 |
| skype | skype | 2.0.0.81 |
| skype | skype | 1.2.0.48 |
| skype | skype | 3.2.0.82 |
| skype | skype | 0.94.0.28 |
| skype | skype | 3.2.0.163 |
| skype | skype | 4.0.0.215 |
| skype | skype | 2.6.0.105 |
| skype | skype | 3.8.0.96 |
| skype | skype | 0.98.0.04 |
| skype | skype | 0.97.0.40 |
| skype | skype | 3.1.0.134 |
| skype | skype | 1.3.0.55 |
| skype | skype | 3.0.0.209 |
| skype | skype | 2.0.0.69 |
| skype | skype | 0.97.0.6 |
| skype | skype | 4.0.0.224 |
| skype | skype | 3.5.0.202 |
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| skype | skype | 1.3.0.60 |
| skype | skype | 0.93.0.18 |
| skype | skype | 3.8.0.115 |
| skype | skype | 1.0.0.10 |
| skype | skype | 3.5.0.178 |
| skype | skype | 3.8.0.154 |
| skype | skype | 0.93.1.1 |
| skype | skype | 3.2.0.148 |
| skype | skype | 0.95.0.25 |
| skype | skype | 3.5.0.107 |
| skype | skype | 0.97.0.3 |
| skype | skype | 3.0.0.154 |
| skype | skype | 1.1.0.6 |
| skype | skype | * |
| skype | skype | 4.0.0.155 |
| skype | skype | 0.98.0.68 |
| skype | skype | 3.0.0.137 |
| skype | skype | 4.1.0.130 |
| skype | skype | 0.98.0.28 |
| skype | skype | 3.0.0.214 |
| skype | skype | 3.0.0.198 |
| skype | skype | 4.0 |
| skype | skype | 3.2.0.152 |
| skype | skype | 4.0.0.168 |
| skype | skype | 1.1.0.79 |
| skype | skype | 2.0.0.107 |
| skype | skype | 4.2.0.152 |
| skype | skype | 4.2.0.163 |
| skype | skype | 3.8.0.188 |
| skype | skype | 2.5.0.126 |
| skype | skype | 0.94.0.19 |
| skype | skype | 2.6.0.81 |
| skype | skype | 3.2.0.145 |
| skype | skype | 3.2.0.115 |
| skype | skype | 3.8.0.180 |
| skype | skype | 0.97.0.1 |
| skype | skype | 4.0.0.216 |
| skype | skype | 1.2.0.37 |
| skype | skype | 4.0.0.181 |
| skype | skype | 1.3.0.48 |
| skype | skype | 4.0.0.206 |
| skype | skype | 2.0.0.103 |
| skype | skype | 3.2.0.175 |
| skype | skype | 4.0.0.166 |
| skype | skype | 3.1.0.147 |
| skype | skype | 3.5.0.239 |
| skype | skype | 3.0.0.217 |
| skype | skype | 3.6.0.216 |
| skype | skype | 4.0.0.226 |
| skype | skype | 2.6.0.103 |
| skype | skype | 4.0.0.145 |
| skype | skype | 3.8.0.139 |
| skype | skype | 1.4.0.78 |
| skype | skype | 3.8.0.144 |
| skype | skype | 4.0.0.161 |
| skype | skype | 1.3.0.57 |
| skype | skype | 3.1.0.150 |
| skype | skype | 0.96.0.3 |
| skype | skype | 3.0.0.216 |
| skype | skype | 3.1.0.152 |
| skype | skype | 4.1.0.166 |
| skype | skype | 1.0.0.97 |
| skype | skype | 2.5.0.141 |
| skype | skype | 1.3.0.51 |
| skype | skype | 2.0.0.105 |
| skype | skype | 2.5.0.82 |
| skype | skype | 1.3.0.45 |
| skype | skype | 1.4.0.71 |
| skype | skype | 2.0.0.97 |
| skype | skype | 2.6.0.97 |
| skype | skype | 1.0.0.100 |
| skype | skype | 3.6.0.159 |
| skype | skype | 2.0.0.79 |
| skype | skype | 4.2.0.158 |
| skype | skype | 2.6.0.67 |
| skype | skype | 3.0.0.123 |
| skype | skype | 3.2.0.53 |
| skype | skype | 3.2.0.158 |
| skype | skype | 3.5.0.234 |
| skype | skype | 3.6.0.244 |
| skype | skype | 3.6.0.248 |
| skype | skype | 0.95.0.40 |
| skype | skype | 2.5.0.122 |
| skype | skype | 0.91.0.2 |
| skype | skype | 4.0.0.176 |
| skype | skype | 0.95.0.11 |
| skype | skype | 0.90.0.5 |
| skype | skype | 2.5.0.130 |
| skype | skype | 1.0.0.18 |
| skype | skype | 1.3.0.66 |
| skype | skype | 1.0.0.9 |
| skype | skype | 3.5.0.229 |
| skype | skype | 3.0.0.218 |
| skype | skype | 2.6.0.74 |
| skype | skype | 4.0.0.150 |
| skype | skype | 0.95.0.36 |
| skype | skype | 1.2.0.41 |
| skype | skype | 4.1.0.141 |
| skype | skype | 3.6.0.127 |
| skype | skype | 0.98.0.6 |
| skype | skype | 0.96.0.1 |
| skype | skype | 2.0.0.73 |
| skype | skype | 3.2.0.63 |
| skype | skype | 3.5.0.158 |
| skype | skype | 0.92.0.4 |
| skype | skype | 0.90.0.10 |
| skype | skype | 2.5.0.72 |
| skype | skype | 3.0.0.205 |
| skype | skype | 4.2.0.166 |
| skype | skype | 4.1.0.136 |
| skype | skype | 3.0.0.106 |
| skype | skype | 3.1.0.144 |
| skype | skype | 2.0.0.90 |
| skype | skype | 3.1.0.112 |
| skype | skype | 4.0.0.169 |
| skype | skype | 1.0.0.94 |
| skype | skype | 2.5.0.154 |
| skype | skype | 3.0.0.190 |
| skype | skype | 1.1.0.73 |
| skype | skype | 1.0.0.106 |
| skype | skype | 1.4.0.84 |
| skype | skype | 4.2.0.141 |
| skype | skype | 0.98.0.42 |
| skype | skype | 1.0.0.29 |
| skype | skype | 1.3.0.54 |
| skype | skype | 4.0.0.227 |
| skype | skype | 2.5.0.91 |
| skype | skype | 2.5.0.137 |
| skype | skype | 2.5.0.151 |
| skype | skype | 4.2.0.155 |
| skype | skype | 3.5.0.214 |
| skype | skype | 2.5.0.113 |
| skype | skype | 2.0.0.81 |
| skype | skype | 1.2.0.48 |
| skype | skype | 3.2.0.82 |
| skype | skype | 0.94.0.28 |
| skype | skype | 3.2.0.163 |
| skype | skype | 4.0.0.215 |
| skype | skype | 2.6.0.105 |
| skype | skype | 3.8.0.96 |
| skype | skype | 0.98.0.04 |
| skype | skype | 0.97.0.40 |
| skype | skype | 3.1.0.134 |
| skype | skype | 1.3.0.55 |
| skype | skype | 3.0.0.209 |
| skype | skype | 2.0.0.69 |
| skype | skype | 0.97.0.6 |
| skype | skype | 4.0.0.224 |
| skype | skype | 3.5.0.202 |
| skype | skype | 4.1.0.179 |
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| skype | skype_for_android | * |
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| skype | skype | 5.0.0.123 |
| skype | skype | 5.0.0.105 |
| skype | skype | 5.0.0.156 |
| skype | skype | 5.1.0.104 |
| skype | skype | 5.1.0.112 |
| skype | skype | 5.0.0.152 |
Skype for Consumer Remote Code Execution Vulnerability
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@microsoft.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| skype | skype | * |