Vulnerabilities > CVE-2011-2074 - Remote Code Execution vulnerability in Skype Technologies Skype for Mac
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. Per: http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html 'Please note, Skype's other clients, e.g. Windows and Linux, are not susceptible to this vulnerability.'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 | |
| OS | 1 |
Nessus
NASL family Misc. NASL id SKYPE_5_1_0_922.NASL description According to its timestamp, the version of Skype installed on the remote Mac OS X host reportedly allows an attacker to send a specially crafted message to a user on the affected host and execute arbitrary code. Note that by default, such a message would have to come from someone in a user last seen 2020-06-01 modified 2020-06-02 plugin id 53845 published 2011-05-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53845 title Skype for Mac 5.x < 5.1.0.922 Unspecified Remote Code Execution (uncredentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(53845); script_version("1.7"); script_cvs_date("Date: 2018/07/27 18:38:14"); script_cve_id("CVE-2011-2074"); script_bugtraq_id(47747); script_name(english:"Skype for Mac 5.x < 5.1.0.922 Unspecified Remote Code Execution (uncredentialed check)"); script_summary(english:"Checks Skype timestamp"); script_set_attribute( attribute:"synopsis", value:"The remote Skype client allows arbitrary code execution." ); script_set_attribute( attribute:"description", value: "According to its timestamp, the version of Skype installed on the remote Mac OS X host reportedly allows an attacker to send a specially crafted message to a user on the affected host and execute arbitrary code. Note that by default, such a message would have to come from someone in a user's Skype Contact List." ); # http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6a8cef8d" ); # http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c36790c1" ); script_set_attribute( attribute:"solution", value:"Upgrade to Skype for Mac 5.1.0.922 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/06"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/09"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:skype:skype"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("skype_version.nbin", "os_fingerprint.nasl"); script_require_keys("Services/skype"); script_require_ports("Services/www"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); port = get_service(svc:"skype", exit_on_fail:TRUE); # The flaw only affects Mac OS X hosts. skype_version = get_kb_item("Skype/"+port+"/skypeVersion"); if (!isnull(skype_version)) { if ("Mac OS X" >!< skype_version) exit(0, "The "+skype_version+" install listening on port "+port+" is not affected since it's not Skype for Mac."); } else { if (report_paranoia < 2) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X."); } } # nb: "ts = 1103301002" => "version = 5.1.0.922" # "ts = 1101202353" => "version = 5.0.0.7980". ts = get_kb_item_or_exit("Skype/"+port+"/stackTimeStamp"); if (ts >= 1101202353 && ts < 1103301002) { if (report_verbosity > 0 && !isnull(skype_version)) { report = '\n Installed version : ' + skype_version + '\n Fixed version : Skype for Mac OS X Version 5.1.0.922\n'; security_warning(port:port, extra:report); } security_warning(port); exit(0); } else { if (isnull(skype_version)) exit(0, "The Skype install listening on port "+port+" is not affected based on its timestamp ("+ts+")."); else exit(0, "The Skype install listening on port "+port+" is not affected based on its version ("+skype_version+")."); }NASL family MacOS X Local Security Checks NASL id MACOSX_SKYPE_5_1_0_922.NASL description According to its version, the instance of Skype installed on the remote Mac OS X host reportedly allows an attacker to send a specially crafted message to a user on the affected host and execute arbitrary code. Note that by default, such a message would have to come from someone in a user last seen 2020-06-01 modified 2020-06-02 plugin id 53844 published 2011-05-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53844 title Skype for Mac 5.x < 5.1.0.922 Unspecified Remote Code Execution (credentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(53844); script_version("1.7"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2011-2074"); script_bugtraq_id(47747); script_name(english:"Skype for Mac 5.x < 5.1.0.922 Unspecified Remote Code Execution (credentialed check)"); script_summary(english:"Checks version of Skype from Info.plist"); script_set_attribute( attribute:"synopsis", value: "The remote Mac OS X host has an application that allows arbitrary code execution." ); script_set_attribute( attribute:"description", value: "According to its version, the instance of Skype installed on the remote Mac OS X host reportedly allows an attacker to send a specially crafted message to a user on the affected host and execute arbitrary code. Note that by default, such a message would have to come from someone in a user's Skype Contact List." ); # http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6a8cef8d"); # http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c36790c1"); script_set_attribute(attribute:"solution", value:"Upgrade to Skype for Mac 5.1.0.922 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/06"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:skype:skype"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("macosx_skype_installed.nasl"); script_require_keys("MacOSX/Skype/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("MacOSX/Skype/Version"); fixed_version = "5.1.0.922"; if ( version =~ "^5\." && ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1 ) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : '+fixed_version+'\n'; security_warning(port:0, extra:report); } else security_warning(0); exit(0); } else exit(0, "Skype for Mac "+version+" is installed and thus not affected.");
References
- http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html
- http://isc.sans.edu/diary.html?storyid=10837
- http://secunia.com/advisories/44522
- http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking
- http://www.securityfocus.com/bid/47747
- http://www.theregister.co.uk/2011/05/06/skype_for_mac_critical_vulnerability/
- http://www.vupen.com/english/advisories/2011/1192