CVE-2010-3136 - Unspecified vulnerability in Skype

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, skype, critical, exploit available

Summary

Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file. Per http://cwe.mitre.org/data/definitions/426.html: CWE-426 - 'Untrusted Search Path Vulnerability'.

Vulnerable Configurations

Part         Description  Count
Application  Skype        152

Exploit-Db

description: Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll). CVE-2010-3136. Local exploit for windows platform
file: exploits/windows/local/14766.c
id: EDB-ID:14766
last seen: 2016-02-01
modified: 2010-08-25
platform: windows
port:
published: 2010-08-25
reporter: Glafkos Charalambous
source: https://www.exploit-db.com/download/14766/
title: Skype <= 4.2.0.169 DLL Hijacking Exploit wab32.dll
type: local

Oval

accepted: 2012-11-19T04:00:05.554-05:00
class: vulnerability
contributors:
  • name: SecPod Team
    organization: SecPod Technologies
  • name: Sergey Artykhov
    organization: ALTX-SOFT
definition_extensions:
  comment: Skype is installed
  oval: oval:org.mitre.oval:def:11875
description: Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.
family: windows
id: oval:org.mitre.oval:def:11833
status: accepted
submitted: 2010-09-09T09:45:46
title: Untrusted search path vulnerability in Skype version less than or equal to 4.2.0.169
version: 6