Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3267

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-3267
Last Modified 07 Mar 2011 12:00:00
Published 27 Oct 2005 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3267

Summary

Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.

Vulnerable Systems

Application

  • Skype Technologies Skype 0.92.0.12

  • Skype Technologies Skype 0.93.0.3

  • Skype Technologies Skype 0.98.0.04

  • Skype Technologies Skype 1.0.0.1

  • Skype Technologies Skype 1.0.0.10

  • Skype Technologies Skype 1.0.0.100

  • Skype Technologies Skype 1.0.0.18

  • Skype Technologies Skype 1.0.0.29

  • Skype Technologies Skype 1.0.0.7

  • Skype Technologies Skype 1.0.0.9

  • Skype Technologies Skype 1.0.0.94

  • Skype Technologies Skype 1.0.0.97

  • Skype Technologies Skype 1.1.0.0

  • Skype Technologies Skype 1.1.0.20

  • Skype Technologies Skype 1.1.06

  • Skype Technologies Skype 1.2.0.17

  • Skype Technologies Skype 1.3.0.16

  • Skype Technologies Skype 1.4.0.83


References

CERT-VN - VU#905177

BID - 15192

CONFIRM - http://skype.com/security/skype-sb-2005-03.html

SECUNIA - 17305

XF - skype-client-udp-bo(22850)

VUPEN - ADV-2005-2197

OSVDB - 20306

SREASON - 115

BUGTRAQ - 20051025 Skype security advisory


Last Updated: 27 May 2016 10:40:52