VYPR

Skype

by Microsoft

CVEs (10)

  • CVE-2017-6517CriMar 23, 2017
    risk 0.67cvss 9.8epss 0.46

    Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the…

  • CVE-2018-8311HigJul 11, 2018
    risk 0.59cvss 8.8epss 0.17

    A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.

  • CVE-2017-9948HigJun 26, 2017
    risk 0.58cvss 8.8epss 0.06

    A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.

  • CVE-2018-8238HigJul 11, 2018
    risk 0.51cvss 7.8epss 0.05

    A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.

  • CVE-2016-5720HigJan 23, 2017
    risk 0.51cvss 7.8epss 0.02

    Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory.

  • CVE-2019-0932MedMay 16, 2019
    risk 0.39cvss 5.9epss 0.05

    An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.

  • CVE-2018-8546MedNov 14, 2018
    risk 0.39cvss 5.9epss 0.05

    A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.

  • CVE-2019-0624MedJan 17, 2019
    risk 0.35cvss 5.4epss 0.01

    A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.

  • CVE-2019-0622MedJan 8, 2019
    risk 0.30cvss 4.6epss 0.02

    An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.

  • CVE-2020-24003LowJan 11, 2021
    risk 0.22cvss 3.3epss 0.01

    Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone…