VulDB: Skype Client 2.8 on Mac Chat Unicode Handler Eingabeungültigkeit
General
scipID: 4142
Affected: Skype Client 2.8
Published: 06/21/2010 (Marc Ruef)
Risk: 
problematic
Entry: 89.5% complete
Created: 06/21/2010
Updated: 07/09/2010
Summary
A vulnerability, which was classified as problematic, has been found in Skype Client 2.8. Affected by this issue is an unknown function of the component Chat Unicode Handler. The manipulation with an unknown input leads to a eingabeungültigkeit vulnerability. Impacted is confidentiality, and integrity.
The weakness was disclosed 06/21/2010 by Marc Ruef with scip AG. The advisory is shared for download at scip.ch. The attack may be launched remotely. Technical details are unknown but an exploit is available.
The exploit is shared for download at developer.skype.com.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at skype.com. The vulnerability is also documented in the vulnerability database at OSVDB (65974). securityfocus.com is providing further details.CVSS
Base Score: 3.6 (CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Eingabeungültigkeit
Local: No
Remote: Yes
Availability: Yes
Download: developer.skype.com
Countermeasures
Recommended: Alternative
0-Day Time: 0 days since found
Patch: skype.com
Timeline
06/21/2010 | Advisory disclosed
06/21/2010 | VulDB entry created
07/02/2010 | OSVDB entry created
07/09/2010 | VulDB entry updated
Sources
Advisory: scip.ch
Researcher: Marc Ruef
Company: scip AG
OSVDB: 65974
Misc.: securityfocus.com
- Latest Entries
- EMC RSA Authentication API Encryption Key information disclosure
- Cisco Secure Access Control System Web Interface weak authentication
- Python ssl.match_hostname() denial of service
- Mozilla Firefox/Thunderbird nsContentUtils::RemoveScriptBlocker buffer overflow
- Mozilla Firefox/Thunderbird nsFrameList::FirstChild buffer overflow
- Statistics
- Archive
