Skype for Business 2013 suffers from a user enumeration timing attack vulnerability.
dedc70fffc5ea2d07f68d69fbe8ae570b34e97daacc51b72c8224705bb509cbcMicrosoft Skype for Business latest versions affected from external service interaction (DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker wants.
31dcf21797598a1609a11a0a94cb747057677e0445801e5894f06e082761eb09A large number of emojis received in one message by the Skype For Business client freezes the program for a few seconds. This can be exploited to perform denial of service attacks against Skype for Business users and compromises the availability of the program. Affected includes Skype for Business 2015 (Lync 2013) before version 15.0.5075.1000 and Skype for Business 2016 before version 16.0.4756.1000.
6f0b4e1f98c61b5c68a056d607be3d7b4027bbb364d50f953833abd9b9e26d5dSkype on Debian automatically installs apt configuration that adds Microsoft's apt repo to the system's package sources. That way, Microsoft (or anybody holding their repo's private key) can easily inject malicious packages via regular update and replace distro packages w/ their own manipulated ones.
1af0ce7e985b6e6fa65956ab99747246fc9ef0fec3fb8d2b6a3f4313086f54c4Skype Empresarial Office 365 version 16.0.10730.20053 suffers from a denial of service vulnerability.
3e7987d784144b91aefb2a14f3e9d598157afc82ba38c417a05ee061228b522dSkypeApp version 12.8.487.0 suffers from a denial of service vulnerability.
74a0008f25cf7019c32e06ec014fd9992cd08c5c5a6223d52d89765199e85dcdSkype version 7.16.0.102 suffers from a dll hijacking vulnerability.
011f971bdb45d821640b52a50a8840eef5c6b5fec316c457347aa001a208a0daThe Skype installer suffers from a dll hijacking vulnerability.
0b3c640eeab0ab7cd7ec7ebff214b1a4bceb0e0789d4d92e6c3110b0a6a3749aSkype appears to possibly be susceptible to a content spoofing vulnerability.
1818fa20690442196c2929353bf64fe6a49db93abd0c384a6575fe27f68fa6fdThis tool can be used to enumerate Skype users profiles, contacts, messages, and calls from the main.db file. This is automated easy to use application in which to perform forensic spelunking of Skype data.
c5eb5f2d1fcead4e96207e4b85959a611b231d00883e83e72cbcb504f8e2d96dThe default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY/SYSTEM privileges. Versions 6.2.0.106 and below are affected.
d220809c5a2ec3bca6b7d83539650b12420bc8778406212fc05cd585e28a6a0fThis is a tool that demonstrates dumping MD5 password hashes from the configuration file in Skype.
1c5bf93ebc41bc95553af5a1fa8a89d8ada7ff8cb06b4f21db26e8a540ca2921Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.
71d5feb9cc956c726042c458e08a52e135cac25deae5200ce474ea31c5489a36Whitepaper called Skype Voice Over IP Software Vulnerabilities, Techniques and Methods - Zero Day Exploitation 2011.
b0175858820b9e6438b1ec0ef4a41eeaa2957167c87f13ca78bade3f36b4401aA critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
ecad962852550d791ca6abfe3c2523e48124d32e8c4270d0824d797e4340408bSkype versions 5.5.0.113 and below on Windows suffers from HTML and Javascript injection vulnerabilities.
2c528e6e8bc01de1bd0fc12e3f7250aa305dc496eec675d266f122e65a63097dSkype versions 5.3.0.120 and below suffer from a persistent cross site scripting vulnerability.
6502c1a5c7b0f0b745b272603838a61f211ef0fcd561fff81c2468592c539233This advisory discusses a re mote scripting injection issue with Skype on Mac OS X.
709d209d6b139b30f4f885a39c7413251dcb2f639592c6e221e4bcd8027a2517Skype versions 4.2.0.169 and below DLL hijacking exploit that leverages wab32.dll.
1dc9ab9214f52af84cad865cee20c04573afdca03114518ac2f62b433d256a0eThe Skype client for Mac Chat suffers from a unicode related denial of service vulnerability.
f948952222defade88deecce448672cc4c9753535691afb7597dc9381db5ac14Whitepaper called An Analysis of the Skype IMBot Logic and Functionality.
2d29fd8a23eb7307b687f82418e8cb93f8c1f548a9d18512a96cbfed010aa84fSkype client versions prior to 4.2.0.1.55 suffer from a URI handling input validation vulnerability that allows for remote command execution.
faa86373432c9b156df0c665dcd6633b96c306a1b1b24a4aa08c75976837f5d5Skype for Linux versions 2.1 Beta and below suffer from some odd denial of service and html injection issues that can assist phishing attacks.
81e0e2ceda585f48185b028e2f3564d52d7f78e982636a47edc12a681c5dcb5fThis is the source code for the Skype Superintendent Trojan. It injects function calls into the Skype process to intercept all audio data coming and going to the Skype process. It extracts the PCM audio data, converts it to MP3 and sends it to the attacker after encrypting it.
50398ad61e00692c92dd2314b4361cbb17e4a9e0f3004de10cacb297e3951d03Simple Skype account brute forcing utility written in Perl.
3b0f91f8c01c5c49815e3606b3b5677bab209b352ad2741a5ede24884a1c24c5Skype extension for Firefox BETA version 2.2.0.95 Clipboard writing vulnerability proof of concept exploit.
ee237e2cea9bdff0960bd5afa285e1bb07fb40ab0f22feaaa628dee620ccc801
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed