header-logo
Suggest Exploit
vendor:
Skype
by:
9
CVSS
CRITICAL
Remote Code Execution
134
CWE
Product Name: Skype
Affected Version From: Skype 1.5.0.79
Affected Version To: Skype 1.5.0.79
Patch Exists: NO
Related CWE:
CPE: a:skype:skype:1.5.0.79
Metasploit:
Other Scripts:
Platforms Tested: Apple Mac OS X

Skype Remote Format String Vulnerability

Skype is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it in the format-specification argument of a formatted-printing function. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, potentially facilitating the remote compromise of affected computers.

Mitigation:

Apply patches and updates from the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20218/info

Skype is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it in the format-specification argument of a formatted-printing function.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, potentially facilitating the remote compromise of affected computers.

Skype 1.5.0.79 and prior versions for Apple Mac OS X are vulnerable to this issue.

IFRAME SRC=skype:%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n