Vulnerability Details CVE-2007-5989
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.061
EPSS Ranking 90.2%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/39170
- http://secunia.com/advisories/27934
- http://securityreason.com/securityalert/3440
- http://securitytracker.com/id?1019056
- http://www.securityfocus.com/archive/1/484703/100/0/threaded
- http://www.securityfocus.com/bid/26748
- http://www.vupen.com/english/advisories/2007/4110
- http://www.zerodayinitiative.com/advisories/ZDI-07-070.html
- http://osvdb.org/39170
- http://secunia.com/advisories/27934
- http://securityreason.com/securityalert/3440
- http://securitytracker.com/id?1019056
- http://www.securityfocus.com/archive/1/484703/100/0/threaded
- http://www.securityfocus.com/bid/26748
- http://www.vupen.com/english/advisories/2007/4110
- http://www.zerodayinitiative.com/advisories/ZDI-07-070.html
Products affected by CVE-2007-5989
-
cpe:2.3:a:skype_technologies:skype:0.98.0.04
-
cpe:2.3:a:skype_technologies:skype:1.0.0.10
-
cpe:2.3:a:skype_technologies:skype:1.0.0.100
-
cpe:2.3:a:skype_technologies:skype:1.0.0.18
-
cpe:2.3:a:skype_technologies:skype:1.0.0.29
-
cpe:2.3:a:skype_technologies:skype:1.0.0.9
-
cpe:2.3:a:skype_technologies:skype:1.0.0.94
-
cpe:2.3:a:skype_technologies:skype:1.0.0.97
-
cpe:2.3:a:skype_technologies:skype:1.1.0.0
-
cpe:2.3:a:skype_technologies:skype:1.4.0.83
-
cpe:2.3:a:skype_technologies:skype:1.5.0.79
-
cpe:2.3:a:skype_technologies:skype:1.5.80
-
cpe:2.3:a:skype_technologies:skype:2.0
-
cpe:2.3:a:skype_technologies:skype:2.0.104
-
cpe:2.3:a:skype_technologies:skype:2.0.105
-
cpe:2.3:a:skype_technologies:skype:2.5
-
cpe:2.3:a:skype_technologies:skype:2.5.78
-
cpe:2.3:a:skype_technologies:skype:2.5.79