MidnightBSD

Advisories for skype

CVE-2004-1778 MEDIUM

Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
skype skype 1.0.0.1
skype skype 0.92.0.12
CVE-2006-2312 LOW

Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

CVSS 2.0

Severity: LOW

Problem Type: CWE-88,

Products Affected

Vendor Product Version
skype skype *
CVE-2009-4741 HIGH

Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
skype skype 1.3.0.60
skype skype 0.93.0.18
skype skype 3.8.0.115
skype skype 1.0.0.10
skype skype 3.5.0.178
skype skype 3.8.0.154
skype skype 0.93.1.1
skype skype 3.2.0.148
skype skype 0.95.0.25
skype skype 3.5.0.107
skype skype 0.97.0.3
skype skype 3.0.0.154
skype skype 1.1.0.6
skype skype *
skype skype 4.0.0.155
skype skype 0.98.0.68
skype skype 3.0.0.137
skype skype 4.1.0.130
skype skype 0.98.0.28
skype skype 3.0.0.214
skype skype 3.0.0.198
skype skype 4.0
skype skype 3.2.0.152
skype skype 4.0.0.168
skype skype 1.1.0.79
skype skype 2.0.0.107
skype skype 3.8.0.188
skype skype 2.5.0.126
skype skype 0.94.0.19
skype skype 2.6.0.81
skype skype 3.2.0.145
skype skype 3.2.0.115
skype skype 3.8.0.180
skype skype 0.97.0.1
skype skype 4.0.0.216
skype skype 1.2.0.37
skype skype 4.0.0.181
skype skype 1.3.0.48
skype skype 4.0.0.206
skype skype 2.0.0.103
skype skype 3.2.0.175
skype skype 4.0.0.166
skype skype 3.1.0.147
skype skype 3.5.0.239
skype skype 3.0.0.217
skype skype 3.6.0.216
skype skype 4.0.0.226
skype skype 2.6.0.103
skype skype 4.0.0.145
skype skype 3.8.0.139
skype skype 1.4.0.78
skype skype 3.8.0.144
skype skype 4.0.0.161
skype skype 1.3.0.57
skype skype 3.1.0.150
skype skype 0.96.0.3
skype skype 3.0.0.216
skype skype 3.1.0.152
skype skype 1.0.0.97
skype skype 2.5.0.141
skype skype 1.3.0.51
skype skype 2.0.0.105
skype skype 2.5.0.82
skype skype 1.3.0.45
skype skype 1.4.0.71
skype skype 2.0.0.97
skype skype 2.6.0.97
skype skype 1.0.0.100
skype skype 3.6.0.159
skype skype 2.0.0.79
skype skype 2.6.0.67
skype skype 3.0.0.123
skype skype 3.2.0.53
skype skype 3.2.0.158
skype skype 3.5.0.234
skype skype 3.6.0.244
skype skype 3.6.0.248
skype skype 0.95.0.40
skype skype 2.5.0.122
skype skype 0.91.0.2
skype skype 4.0.0.176
skype skype 0.95.0.11
skype skype 0.90.0.5
skype skype 2.5.0.130
skype skype 1.0.0.18
skype skype 1.3.0.66
skype skype 1.0.0.9
skype skype 3.5.0.229
skype skype 3.0.0.218
skype skype 2.6.0.74
skype skype 4.0.0.150
skype skype 0.95.0.36
skype skype 1.2.0.41
skype skype 4.1.0.141
skype skype 3.6.0.127
skype skype 0.98.0.6
skype skype 0.96.0.1
skype skype 2.0.0.73
skype skype 3.2.0.63
skype skype 3.5.0.158
skype skype 0.92.0.4
skype skype 0.90.0.10
skype skype 2.5.0.72
skype skype 3.0.0.205
skype skype 4.1.0.136
skype skype 3.0.0.106
skype skype 3.1.0.144
skype skype 2.0.0.90
skype skype 3.1.0.112
skype skype 4.0.0.169
skype skype 1.0.0.94
skype skype 2.5.0.154
skype skype 3.0.0.190
skype skype 1.1.0.73
skype skype 1.0.0.106
skype skype 1.4.0.84
skype skype 0.98.0.42
skype skype 1.0.0.29
skype skype 1.3.0.54
skype skype 4.0.0.227
skype skype 2.5.0.91
skype skype 2.5.0.137
skype skype 2.5.0.151
skype skype 3.5.0.214
skype skype 2.5.0.113
skype skype 2.0.0.81
skype skype 1.2.0.48
skype skype 3.2.0.82
skype skype 0.94.0.28
skype skype 3.2.0.163
skype skype 4.0.0.215
skype skype 2.6.0.105
skype skype 3.8.0.96
skype skype 0.98.0.04
skype skype 0.97.0.40
skype skype 3.1.0.134
skype skype 1.3.0.55
skype skype 3.0.0.209
skype skype 2.0.0.69
skype skype 0.97.0.6
skype skype 4.0.0.224
skype skype 3.5.0.202
CVE-2010-3136 HIGH

Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
skype skype 1.3.0.60
skype skype 0.93.0.18
skype skype 3.8.0.115
skype skype 1.0.0.10
skype skype 3.5.0.178
skype skype 3.8.0.154
skype skype 0.93.1.1
skype skype 3.2.0.148
skype skype 0.95.0.25
skype skype 3.5.0.107
skype skype 0.97.0.3
skype skype 3.0.0.154
skype skype 1.1.0.6
skype skype *
skype skype 4.0.0.155
skype skype 0.98.0.68
skype skype 3.0.0.137
skype skype 4.1.0.130
skype skype 0.98.0.28
skype skype 3.0.0.214
skype skype 3.0.0.198
skype skype 4.0
skype skype 3.2.0.152
skype skype 4.0.0.168
skype skype 1.1.0.79
skype skype 2.0.0.107
skype skype 4.2.0.152
skype skype 4.2.0.163
skype skype 3.8.0.188
skype skype 2.5.0.126
skype skype 0.94.0.19
skype skype 2.6.0.81
skype skype 3.2.0.145
skype skype 3.2.0.115
skype skype 3.8.0.180
skype skype 0.97.0.1
skype skype 4.0.0.216
skype skype 1.2.0.37
skype skype 4.0.0.181
skype skype 1.3.0.48
skype skype 4.0.0.206
skype skype 2.0.0.103
skype skype 3.2.0.175
skype skype 4.0.0.166
skype skype 3.1.0.147
skype skype 3.5.0.239
skype skype 3.0.0.217
skype skype 3.6.0.216
skype skype 4.0.0.226
skype skype 2.6.0.103
skype skype 4.0.0.145
skype skype 3.8.0.139
skype skype 1.4.0.78
skype skype 3.8.0.144
skype skype 4.0.0.161
skype skype 1.3.0.57
skype skype 3.1.0.150
skype skype 0.96.0.3
skype skype 3.0.0.216
skype skype 3.1.0.152
skype skype 4.1.0.166
skype skype 1.0.0.97
skype skype 2.5.0.141
skype skype 1.3.0.51
skype skype 2.0.0.105
skype skype 2.5.0.82
skype skype 1.3.0.45
skype skype 1.4.0.71
skype skype 2.0.0.97
skype skype 2.6.0.97
skype skype 1.0.0.100
skype skype 3.6.0.159
skype skype 2.0.0.79
skype skype 4.2.0.158
skype skype 2.6.0.67
skype skype 3.0.0.123
skype skype 3.2.0.53
skype skype 3.2.0.158
skype skype 3.5.0.234
skype skype 3.6.0.244
skype skype 3.6.0.248
skype skype 0.95.0.40
skype skype 2.5.0.122
skype skype 0.91.0.2
skype skype 4.0.0.176
skype skype 0.95.0.11
skype skype 0.90.0.5
skype skype 2.5.0.130
skype skype 1.0.0.18
skype skype 1.3.0.66
skype skype 1.0.0.9
skype skype 3.5.0.229
skype skype 3.0.0.218
skype skype 2.6.0.74
skype skype 4.0.0.150
skype skype 0.95.0.36
skype skype 1.2.0.41
skype skype 4.1.0.141
skype skype 3.6.0.127
skype skype 0.98.0.6
skype skype 0.96.0.1
skype skype 2.0.0.73
skype skype 3.2.0.63
skype skype 3.5.0.158
skype skype 0.92.0.4
skype skype 0.90.0.10
skype skype 2.5.0.72
skype skype 3.0.0.205
skype skype 4.2.0.166
skype skype 4.1.0.136
skype skype 3.0.0.106
skype skype 3.1.0.144
skype skype 2.0.0.90
skype skype 3.1.0.112
skype skype 4.0.0.169
skype skype 1.0.0.94
skype skype 2.5.0.154
skype skype 3.0.0.190
skype skype 1.1.0.73
skype skype 1.0.0.106
skype skype 1.4.0.84
skype skype 4.2.0.141
skype skype 0.98.0.42
skype skype 1.0.0.29
skype skype 1.3.0.54
skype skype 4.0.0.227
skype skype 2.5.0.91
skype skype 2.5.0.137
skype skype 2.5.0.151
skype skype 4.2.0.155
skype skype 3.5.0.214
skype skype 2.5.0.113
skype skype 2.0.0.81
skype skype 1.2.0.48
skype skype 3.2.0.82
skype skype 0.94.0.28
skype skype 3.2.0.163
skype skype 4.0.0.215
skype skype 2.6.0.105
skype skype 3.8.0.96
skype skype 0.98.0.04
skype skype 0.97.0.40
skype skype 3.1.0.134
skype skype 1.3.0.55
skype skype 3.0.0.209
skype skype 2.0.0.69
skype skype 0.97.0.6
skype skype 4.0.0.224
skype skype 3.5.0.202
skype skype 4.1.0.179
CVE-2011-1717 LOW

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
skype skype_for_android *
CVE-2011-2074 HIGH

Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
skype skype 5.0.0.123
skype skype 5.0.0.105
skype skype 5.0.0.156
skype skype 5.1.0.104
skype skype 5.1.0.112
skype skype 5.0.0.152
CVE-2024-21411

Skype for Consumer Remote Code Execution Vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@microsoft.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
skype skype *