Skype skype4com URI Handler Remote Heap Corruption (uncredentialed check)

High Nessus Plugin ID 29250


The remote Skype client is affected by a buffer overflow vulnerability.


The version of Skype installed on the remote host is vulnerable to a heap overflow attack in the skype4com URI handler.

To exploit this vulnerability, a remote attacker must trick a user on the affected host into clicking on a specially crafted Skype URL.


Upgrade to Skype release

Plugin Details

Severity: High

ID: 29250

File Name: skype_uri_overflow.nasl

Version: $Revision: 1.14 $

Type: remote

Agent: windows

Family: Windows

Published: 2007/12/07

Modified: 2012/02/09

Dependencies: 21208, 10785

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:skype:skype

Required KB Items: Services/skype

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2007-5989

BID: 26748

OSVDB: 39170

CWE: 119