Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3265

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2005-3265
Last Modified 07 Mar 2011 09:26:11
Published 27 Oct 2005 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3265

Summary

Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.

Vulnerable Systems

Application

  • Skype Technologies Skype 1.1.0.61

  • Skype Technologies Skype 1.1.0.73

  • Skype Technologies Skype 1.1.0.79

  • Skype Technologies Skype 1.2.0.0

  • Skype Technologies Skype 1.2.0.37

  • Skype Technologies Skype 1.2.0.41

  • Skype Technologies Skype 1.2.0.46

  • Skype Technologies Skype 1.3.0.45

  • Skype Technologies Skype 1.3.0.48

  • Skype Technologies Skype 1.3.0.51

  • Skype Technologies Skype 1.3.0.54

  • Skype Technologies Skype 1.3.0.55

  • Skype Technologies Skype 1.3.0.57

  • Skype Technologies Skype 1.3.0.60

  • Skype Technologies Skype 1.3.0.66

  • Skype Technologies Skype 1.4.0.71

  • Skype Technologies Skype 1.4.0.78

  • Skype Technologies Skype 1.4.0.83


References

CERT-VN - VU#930345

CERT-VN - VU#668193

MISC - http://www.pentest.co.uk/documents/ptl-2005-01.html

CONFIRM - http://skype.com/security/skype-sb-2005-02.html

XF - skype-uri-bo(22848)

VUPEN - ADV-2005-2197

BID - 15190

SECUNIA - 17305


Last Updated: 27 May 2016 10:40:52