Vulnerabilities > Skype Technologies > Skype > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2008-06-06 | CVE-2008-1805 | Improper Input Validation vulnerability in Skype Technologies Skype
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.
Risk: network, skype-technologies, CWE-20, critical, 9.3

2008-06-06 | CVE-2008-2545 | Improper Input Validation vulnerability in Skype Technologies Skype
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.
Risk: network, skype-technologies, CWE-20, critical, 9.3

2008-01-25 | CVE-2008-0454 | Cross-Site Scripting vulnerability in multiple products
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
Risk: 9.3

2005-10-27 | CVE-2005-3265 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype
Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.
Risk: network, skype-technologies, CWE-119, critical, 9.3

2005-10-27 | CVE-2005-3267 | Numeric Errors vulnerability in Skype Technologies Skype
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.
Risk: network, low complexity, skype-technologies, CWE-189, critical, 10.0

2005-01-10 | CVE-2004-1114 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
Risk: network, skype-technologies, CWE-119, critical, 9.3