Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2004-1114
Last Modified 05 Sep 2008 04:40:25
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1114

Summary

Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.

Vulnerable Systems

Application

  • Skype Technologies Skype 1.0.0.10

  • Skype Technologies Skype 1.0.0.18

  • Skype Technologies Skype 1.0.0.29

  • Skype Technologies Skype 1.0.0.9

  • Skype Technologies Skype 1.0.0.94

  • Skype Technologies Skype 1.0.0.97


References

BID - 11682

XF - skype-callto-uri-bo(18063)

CONFIRM - http://www.skype.com/security/ssa-2004-02.html

CONFIRM - http://www.skype.com/products/skype/windows/changelog.html

OSVDB - 11786

SECUNIA - 13191

BUGTRAQ - 20041115 Re: Skype callto:// BoF technical details

BUGTRAQ - 20041116 Skype callto:// BoF technical details


Last Updated: 27 May 2016 10:38:54