Vulnerabilities > Skype Technologies > Skype > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-05 | CVE-2008-0583 | Code Injection vulnerability in Skype Technologies Skype Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454. | 4.3 |
| 2008-02-05 | CVE-2008-0582 | Code Injection vulnerability in Skype Technologies Skype Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler. | 4.3 |
| 2007-12-13 | CVE-2007-5989 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. | 6.8 |
| 2007-08-20 | CVE-2007-4429 | Denial-Of-Service vulnerability in Skype Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. | 5.0 |
| 2005-05-03 | CVE-2005-1407 | Local Security vulnerability in Skype Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application. | 4.6 |
| 2004-12-31 | CVE-2004-1777 | Improper Input Validation vulnerability in Skype Technologies Skype 0.98.0.04 A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114. | 5.0 |