8 matches found
CVE-2017-6517
CVE-2017-6517 affects Microsoft Skype 7.16.0.102, due to insecure library loading in Skype.exe that handles (api-ms-win-core-winrt-string-l1-1-0.dll). An unauthenticated attacker could leverage DLL hijacking to execute arbitrary code on the target system. Public sources describe this as a DLL loa...
CVE-2019-0622
The CVE-2019-0622 entry concerns Skype for Android 8.35. The vulnerability is an elevation-of-privilege flaw that could allow bypassing the Android lockscreen and access personal data when an attacker properly interacts with authentication requests; exploitation requires physical access to the de...
CVE-2019-0932
CVE-2019-0932 is an information-disclosure vulnerability in Skype for Android. An attacker could listen to a user’s Skype conversations by placing a call to an Android Skype client that is paired with a Bluetooth device. Exploitation requires the attacker to initiate a call to the target’s Skype ...
CVE-2017-9948
CVE-2017-9948: A stack buffer overflow in Skype's MSFTEDIT.DLL arises from mishandling images copied from an RDP session clipboard, affecting Skype versions 7.2, 7.35, and 7.36 prior to 7.37. The issue allows remote/local exploitation to crash or potentially execute code, as described across mult...
CVE-2018-0595
CVE-2018-0595 is an untrusted search path (DLL planting) vulnerability in the Skype for Windows installer. The installer can be hijacked by a Trojan horse DLL placed in the same directory, allowing arbitrary code execution with the privileges of the invoking user. Documents consistently identify ...
CVE-2016-5720
CVE-2016-5720 corresponds to DLL hijacking in Microsoft Skype for Windows, caused by untrusted search paths involving msi.dll, dpapi.dll, or cryptui.dll located in the current working directory. The connected OpenVAS/Kaspersky/CNVD entries confirm this as a DLL-search-path issue in Skype’s instal...
CVE-2018-0594
CVE-2018-0594 describes an untrusted search path (DLL planting) vulnerability in Skype for Windows. The issue allows privilege escalation via a Trojan horse DLL placed in the same directory as the Skype executable. Affected product: Skype for Windows. Root cause: insecure DLL search path (CWE-427...
CVE-2020-24003
Summary: CVE-2020-24003 affects Microsoft Skype for macOS up to 8.59.0.77. The issue is the disable-library-validation entitlement, which can let a local process load a crafted library and thereby obtain unprompted microphone and camera access through the Skype client. This is a local-privilege s...