CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.234 Low
Percentile: 96.5%
Skype for Mac contains a format string vulnerability in the handling of URIs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Skype software provides telephone service over IP networks. There is a format string vulnerability in the NSRunAlertPanel function in the routines that handle Skype-specific URIs, such as skype://.
By sending a specially crafted URI to Skype, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Such a URI can be sent to Skype by convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment). The attacker could also cause Skype to crash.
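The bug class described above, shown as the vulnerable call pattern beside its hardened form. This is an added example, not Skype's code or part of the original advisory: `run_alert` is a hypothetical stand-in for an alert call whose message parameter is a printf-style format string (as NSRunAlertPanel's is), and the sample URIs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an alert API whose message parameter is a
 * printf-style format string. Renders into buf instead of a dialog. */
static int run_alert(char *buf, size_t n, const char *msg_format, ...)
{
    va_list ap;
    va_start(ap, msg_format);
    int written = vsnprintf(buf, n, msg_format, ap);
    va_end(ap);
    return written;
}

/* BEFORE: the URI itself is the format string, so any conversion
 * specifier it carries is interpreted by the formatter. */
int alert_uri_vulnerable(char *buf, size_t n, const char *uri)
{
    return run_alert(buf, n, uri);
}

/* AFTER: constant format string; the URI is passed only as data. */
int alert_uri_safe(char *buf, size_t n, const char *uri)
{
    return run_alert(buf, n, "Cannot open \"%s\"", uri);
}

int main(void)
{
    char buf[128];
    /* Constructed inputs. "%%" takes no argument, so it shows the
     * formatter acting on URI text without undefined behaviour. */
    const char *benign = "skype:a%%b";
    const char *with_specifiers = "skype:%x%x%n"; /* safe path only */

    alert_uri_vulnerable(buf, sizeof buf, benign);
    printf("vulnerable: %s\n", buf);   /* skype:a%b (URI was parsed) */
    alert_uri_safe(buf, sizeof buf, benign);
    printf("safe:       %s\n", buf);   /* Cannot open "skype:a%%b" */
    alert_uri_safe(buf, sizeof buf, with_specifiers);
    printf("safe:       %s\n", buf);   /* specifiers stay literal */
    return 0;
}
```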
Apply an update
This vulnerability is addressed in Skype for Mac release 1.5.*.80 or later.
202604
Updated: October 06, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see SKYPE-SB/2006-002.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
This vulnerability was reported by Tom Ferris of Security-Protocols.
This document was written by Will Dormann.
CVE IDs: | CVE-2006-5084 |
---|---|
Severity Metric: | 8.29 |
Date Public: | |