Vulnerabilities > Skype Technologies

DATE CVE VULNERABILITY TITLE RISK
2008-06-06 CVE-2008-2545 Improper Input Validation vulnerability in Skype Technologies Skype
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
network
skype-technologies CWE-20
critical
9.3
2008-06-06 CVE-2008-1805 Improper Input Validation vulnerability in Skype Technologies Skype
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
network
skype-technologies CWE-20
critical
9.3
2008-02-05 CVE-2008-0583 Code Injection vulnerability in Skype Technologies Skype
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
4.3
2008-02-05 CVE-2008-0582 Code Injection vulnerability in Skype Technologies Skype
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
4.3
2008-01-25 CVE-2008-0454 Cross-Site Scripting vulnerability in multiple products
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
9.3
2007-12-13 CVE-2007-5989 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
6.8
2007-08-20 CVE-2007-4429 Denial-Of-Service vulnerability in Skype
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure.
network
low complexity
skype-technologies
5.0
2006-09-29 CVE-2006-5084 Improper Input Validation vulnerability in Skype Technologies Skype
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference.
network
low complexity
skype-technologies CWE-20
7.5
2006-05-19 CVE-2006-2312 Code Injection vulnerability in Skype Technologies Skype
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
network
high complexity
skype-technologies microsoft CWE-94
2.6
2005-10-27 CVE-2005-3267 Numeric Errors vulnerability in Skype Technologies Skype
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.
network
low complexity
skype-technologies CWE-189
critical
10.0