Vulnerabilities > CVE-2007-5989 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

skype-technologies

CWE-119

nessus

NVD

Published: 2007-12-13

Updated: 2018-10-15

Summary

Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.

Vulnerable Configurations

Part	Description	Count
Application	Skype_Technologies Skype Technologies Skype 0.98.0.04 Skype Technologies Skype 1.0.0.9 Skype Technologies Skype 1.0.0.10 Skype Technologies Skype 1.0.0.18 Skype Technologies Skype 1.0.0.29 Skype Technologies Skype 1.0.0.94 Skype Technologies Skype 1.0.0.97 Skype Technologies Skype 1.0.0.100 Skype Technologies Skype 1.1.0.0 Skype Technologies Skype 1.4.0.83 Skype Technologies Skype 1.5.0.79 Skype Technologies Skype 1.5.80 Skype Technologies Skype 2.0 Skype Technologies Skype 2.0.104 Skype Technologies Skype 2.0.105 Skype Technologies Skype 2.5 Skype Technologies Skype 2.5.78 Skype Technologies Skype 2.5.79	18

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Windows
NASL id	SKYPE_URI_OVERFLOW.NASL
description	The version of Skype installed on the remote host is vulnerable to a heap overflow attack in the skype4com uri handler. To exploit this vulnerability, a remote attacker must trick a user on the affected host into clicking on a specially crafted Skype URL.
last seen	2020-06-01
modified	2020-06-02
plugin id	29250
published	2007-12-07
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29250
title	Skype skype4com URI Handler Remote Heap Corruption (uncredentialed check)
code	# # (C) Tenable Network Security, Inc. # if ( NASL_LEVEL < 3000 ) exit(0); include("compat.inc"); if (description) { script_id(29250); script_version("1.16"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id("CVE-2007-5989"); script_bugtraq_id(26748); script_name(english:"Skype skype4com URI Handler Remote Heap Corruption (uncredentialed check)"); script_summary(english:"Checks version of Skype"); script_set_attribute(attribute:"synopsis", value: "The remote Skype client is affected by a buffer overflow vulnerability" ); script_set_attribute(attribute:"description", value: "The version of Skype installed on the remote host is vulnerable to a heap overflow attack in the skype4com uri handler. To exploit this vulnerability, a remote attacker must trick a user on the affected host into clicking on a specially crafted Skype URL." ); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-07-070/" ); script_set_attribute(attribute:"solution", value: "Upgrade to Skype release 3.6.0.216" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2007/12/07"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:skype:skype"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("skype_version.nbin", "smb_nativelanman.nasl"); script_require_keys("Services/skype"); script_require_ports(139, 445); exit(0); } include("global_settings.inc"); include("misc_func.inc"); # The flaw only affects Windows hosts. if (report_paranoia < 2) { os = get_kb_item("Host/OS/smb"); if (!os) exit(0, "The 'Host/OS/smb' KB item is missing."); if ("Windows" >!< os) exit(0, "The issue only affects Windows hosts."); } port = get_service(svc:"skype", exit_on_fail:TRUE); # nb: "ts = 711112234" => "version = 3.6.0.216" ts = get_kb_item_or_exit("Skype/"+port+"/stackTimeStamp"); if (ts > 0 && ts < 711112234) security_hole(port); else exit(0, "The Skype client listening on port "+port+" is not affected based on its timestamp ("+ts+").");

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 27338 CVE(CAN) ID: CVE-2007-5989 Skype是一款流行的P2P VoIP软件，可提供高质量的语音通讯服务。 Skype的ActiveX控件运行环境设置上存在漏洞，远程攻击者可能利用此漏洞在用户系统上执行任意指令。 Skype使用了Internet Explorer Web控件来渲染HTML内容并提供“add video to mood”和“add video to chat”功能。这些功能都是通过JS/ActiveX接口实现的，允许在IE的Local Zone安全环境中运行脚本。由于这个安全环境的安全级别设置比较低，因此如果用户受骗访问了恶意站点的话，就可能导致在用户机器上执行任意指令。 Skype Skype 3.6 Skype Skype 3.5 临时解决方法： * 配置Skype使用Local Machine Zone Lockdown功能。编辑HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LocalMachine_Lockdown注册表项，包含DWORD值Skype.exe，并将Value设置为1。或者，将以下文本保存为.REG文件并导入： Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LocalMachine_Lockdown] "Skype.exe"=dword:00000001 厂商补丁： Skype ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： <a href=http://www.skype.com/ target=_blank>http://www.skype.com/</a>
id	SSV:2879
last seen	2017-11-19
modified	2008-01-31
published	2008-01-31
reporter	Root
title	Skype Web内容区远程代码执行漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Seebug

References