Detections
Analytics

Skype skype4com URI Handler Remote Heap Corruption (uncredentialed check)

high Nessus Plugin ID 29250

Language:

Synopsis

The remote Skype client is affected by a buffer overflow vulnerability

Description

The version of Skype installed on the remote host is vulnerable to a heap overflow attack in the skype4com uri handler.

To exploit this vulnerability, a remote attacker must trick a user on the affected host into clicking on a specially crafted Skype URL.

Solution

Upgrade to Skype release 3.6.0.216

See Also

https://www.zerodayinitiative.com/advisories/ZDI-07-070/

Plugin Details

Severity: High

ID: 29250

File Name: skype_uri_overflow.nasl

Version: 1.17

Type: remote

Agent: windows

Family: Windows

Published: 12/7/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:skype:skype

Required KB Items: Services/skype

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2007-5989

BID: 26748

CWE: 119