10

CVE-2005-3267

Exploit
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Skype TechnologiesSkype Version0.92.0.12 Editionlinux
Skype TechnologiesSkype Version0.93.0.3 Editionlinux
Skype TechnologiesSkype Version0.98.0.04
Skype TechnologiesSkype Version1.0.0.1 Editionlinux
Skype TechnologiesSkype Version1.0.0.7 Editionlinux
Skype TechnologiesSkype Version1.0.0.9
Skype TechnologiesSkype Version1.0.0.10
Skype TechnologiesSkype Version1.0.0.18
Skype TechnologiesSkype Version1.0.0.29
Skype TechnologiesSkype Version1.0.0.94
Skype TechnologiesSkype Version1.0.0.97
Skype TechnologiesSkype Version1.0.0.100
Skype TechnologiesSkype Version1.1.0.0
Skype TechnologiesSkype Version1.1.0.20 Editionlinux
Skype TechnologiesSkype Version1.1.06 Editionpocket_pc
Skype TechnologiesSkype Version1.2.0.17 Editionlinux
Skype TechnologiesSkype Version1.3.0.16 Editionmac_os_x
Skype TechnologiesSkype Version1.4.0.83
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.3% 0.936
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/17305/
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2197
Vendor Advisory
http://marc.info/?l=bugtraq&m=113026202728568&w=2
http://securityreason.com/securityalert/115
http://skype.com/security/skype-sb-2005-03.html
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/905177
US Government Resource
http://www.osvdb.org/20306
http://www.securityfocus.com/bid/15192
Patch
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/22850