Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4429

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-4429
Last Modified 05 Sep 2008 05:28:12
Published 20 Aug 2007 03:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4429

Summary

Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem.

Vulnerable Systems

Application

  • Skype Technologies Skype


References

MISC - http://www.securitylab.ru/news/301422.php

BUGTRAQ - 20070820 Re[2]: Skype Network Remote DoS Exploit

BUGTRAQ - 20070820 RE: Skype Network Remote DoS Exploit

BUGTRAQ - 20070820 Re: Skype Network Remote DoS Exploit

BUGTRAQ - 20070817 Skype Network Remote DoS Exploit

SREASON - 3032

MISC - http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html

MISC - http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html

MISC - http://en.securitylab.ru/poc/extra/301419.php

MISC - http://en.securitylab.ru/poc/301420.php

MISC - http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates


Last Updated: 27 May 2016 10:45:52