Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5989

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5989
Last Modified 07 Mar 2011 10:01:36
Published 13 Dec 2007 04:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5989

Summary

Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.

Vulnerable Systems

Application

  • Skype Technologies Skype 0.98.0.04

  • Skype Technologies Skype 1.0.0.10

  • Skype Technologies Skype 1.0.0.100

  • Skype Technologies Skype 1.0.0.18

  • Skype Technologies Skype 1.0.0.29

  • Skype Technologies Skype 1.0.0.9

  • Skype Technologies Skype 1.0.0.94

  • Skype Technologies Skype 1.0.0.97

  • Skype Technologies Skype 1.1.0.0

  • Skype Technologies Skype 1.4.0.83

  • Skype Technologies Skype 1.5.0.79

  • Skype Technologies Skype 1.5.80

  • Skype Technologies Skype 2.0

  • Skype Technologies Skype 2.0.104

  • Skype Technologies Skype 2.0.105

  • Skype Technologies Skype 2.5

  • Skype Technologies Skype 2.5.78

  • Skype Technologies Skype 2.5.79


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-070.html

VUPEN - ADV-2007-4110

BID - 26748

BUGTRAQ - 20071206 ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability

SECUNIA - 27934

OSVDB - 39170

SECTRACK - 1019056

SREASON - 3440


Last Updated: 27 May 2016 10:46:20