VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3136
skype: Untrusted search path vulnerability in Skype 4.2.0....
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3136

Original

Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-08-26
Source Information Category:
Advisory, Alert
Last Updated:
2010-08-27




Affected Product Tags
cpe:/a:skype:skype:0.90.0.10:beta
cpe:/a:skype:skype:0.90.0.5:beta
cpe:/a:skype:skype:0.91.0.2:beta
cpe:/a:skype:skype:0.92.0.4:beta
cpe:/a:skype:skype:0.93.0.18:beta
cpe:/a:skype:skype:0.93.1.1:beta
cpe:/a:skype:skype:0.94.0.19:beta
cpe:/a:skype:skype:0.94.0.28:beta
cpe:/a:skype:skype:0.95.0.11:beta
cpe:/a:skype:skype:0.95.0.25:beta
cpe:/a:skype:skype:0.95.0.36:beta
cpe:/a:skype:skype:0.95.0.40:beta
cpe:/a:skype:skype:0.96.0.1:beta
cpe:/a:skype:skype:0.96.0.3:beta
cpe:/a:skype:skype:0.97.0.1:beta
cpe:/a:skype:skype:0.97.0.3:beta
cpe:/a:skype:skype:0.97.0.40:beta
cpe:/a:skype:skype:0.97.0.6:beta
cpe:/a:skype:skype:0.98.0.04:beta
cpe:/a:skype:skype:0.98.0.28:beta
cpe:/a:skype:skype:0.98.0.42:beta
cpe:/a:skype:skype:0.98.0.68:beta
cpe:/a:skype:skype:0.98.0.6:beta
cpe:/a:skype:skype:1.0.0.10
cpe:/a:skype:skype:1.0.0.100
cpe:/a:skype:skype:1.0.0.106
cpe:/a:skype:skype:1.0.0.18
cpe:/a:skype:skype:1.0.0.29
cpe:/a:skype:skype:1.0.0.9
cpe:/a:skype:skype:1.0.0.94
cpe:/a:skype:skype:1.0.0.97
cpe:/a:skype:skype:1.1.0.6
cpe:/a:skype:skype:1.1.0.73
cpe:/a:skype:skype:1.1.0.79
cpe:/a:skype:skype:1.2.0.37
cpe:/a:skype:skype:1.2.0.41
cpe:/a:skype:skype:1.2.0.48
cpe:/a:skype:skype:1.3.0.45
cpe:/a:skype:skype:1.3.0.48
cpe:/a:skype:skype:1.3.0.51
cpe:/a:skype:skype:1.3.0.54
cpe:/a:skype:skype:1.3.0.55
cpe:/a:skype:skype:1.3.0.57
cpe:/a:skype:skype:1.3.0.60
cpe:/a:skype:skype:1.3.0.66
cpe:/a:skype:skype:1.4.0.71
cpe:/a:skype:skype:1.4.0.78
cpe:/a:skype:skype:1.4.0.84
cpe:/a:skype:skype:2.0.0.103
cpe:/a:skype:skype:2.0.0.105
cpe:/a:skype:skype:2.0.0.107
cpe:/a:skype:skype:2.0.0.69
cpe:/a:skype:skype:2.0.0.73
cpe:/a:skype:skype:2.0.0.79
cpe:/a:skype:skype:2.0.0.81
cpe:/a:skype:skype:2.0.0.90
cpe:/a:skype:skype:2.0.0.97
cpe:/a:skype:skype:2.5.0.113
cpe:/a:skype:skype:2.5.0.122
cpe:/a:skype:skype:2.5.0.126
cpe:/a:skype:skype:2.5.0.130
cpe:/a:skype:skype:2.5.0.137
cpe:/a:skype:skype:2.5.0.141
cpe:/a:skype:skype:2.5.0.151
cpe:/a:skype:skype:2.5.0.154
cpe:/a:skype:skype:2.5.0.72
cpe:/a:skype:skype:2.5.0.82
cpe:/a:skype:skype:2.5.0.91
cpe:/a:skype:skype:2.6.0.103:beta
cpe:/a:skype:skype:2.6.0.105:beta
cpe:/a:skype:skype:2.6.0.67:beta
cpe:/a:skype:skype:2.6.0.74:beta
cpe:/a:skype:skype:2.6.0.81:beta
cpe:/a:skype:skype:2.6.0.97:beta
cpe:/a:skype:skype:3.0.0.106:beta
cpe:/a:skype:skype:3.0.0.123:beta
cpe:/a:skype:skype:3.0.0.137:beta
cpe:/a:skype:skype:3.0.0.154:beta
cpe:/a:skype:skype:3.0.0.190
cpe:/a:skype:skype:3.0.0.198
cpe:/a:skype:skype:3.0.0.205
cpe:/a:skype:skype:3.0.0.209
cpe:/a:skype:skype:3.0.0.214
cpe:/a:skype:skype:3.0.0.216
cpe:/a:skype:skype:3.0.0.217
cpe:/a:skype:skype:3.0.0.218
cpe:/a:skype:skype:3.1.0.112:beta
cpe:/a:skype:skype:3.1.0.134:beta
cpe:/a:skype:skype:3.1.0.144
cpe:/a:skype:skype:3.1.0.147
cpe:/a:skype:skype:3.1.0.150
cpe:/a:skype:skype:3.1.0.152
cpe:/a:skype:skype:3.2.0.115:beta
cpe:/a:skype:skype:3.2.0.145
cpe:/a:skype:skype:3.2.0.148
cpe:/a:skype:skype:3.2.0.152
cpe:/a:skype:skype:3.2.0.158
cpe:/a:skype:skype:3.2.0.163
cpe:/a:skype:skype:3.2.0.175
cpe:/a:skype:skype:3.2.0.53:beta
cpe:/a:skype:skype:3.2.0.63:beta
cpe:/a:skype:skype:3.2.0.82:beta
cpe:/a:skype:skype:3.5.0.107:beta
cpe:/a:skype:skype:3.5.0.158:beta
cpe:/a:skype:skype:3.5.0.178
cpe:/a:skype:skype:3.5.0.202
cpe:/a:skype:skype:3.5.0.214
cpe:/a:skype:skype:3.5.0.229
cpe:/a:skype:skype:3.5.0.234
cpe:/a:skype:skype:3.5.0.239
cpe:/a:skype:skype:3.6.0.127:beta
cpe:/a:skype:skype:3.6.0.159:beta
cpe:/a:skype:skype:3.6.0.216
cpe:/a:skype:skype:3.6.0.244
cpe:/a:skype:skype:3.6.0.248
cpe:/a:skype:skype:3.8.0.115
cpe:/a:skype:skype:3.8.0.139
cpe:/a:skype:skype:3.8.0.144
cpe:/a:skype:skype:3.8.0.154
cpe:/a:skype:skype:3.8.0.180
cpe:/a:skype:skype:3.8.0.188
cpe:/a:skype:skype:3.8.0.96:beta
cpe:/a:skype:skype:4.0.0.145:beta
cpe:/a:skype:skype:4.0.0.150:beta
cpe:/a:skype:skype:4.0.0.155:beta_1
cpe:/a:skype:skype:4.0.0.161:beta
cpe:/a:skype:skype:4.0.0.166:beta_2
cpe:/a:skype:skype:4.0.0.168:beta_2
cpe:/a:skype:skype:4.0.0.169:beta_2
cpe:/a:skype:skype:4.0.0.176:beta_3
cpe:/a:skype:skype:4.0.0.181:beta_3
cpe:/a:skype:skype:4.0.0.206
cpe:/a:skype:skype:4.0.0.215
cpe:/a:skype:skype:4.0.0.216
cpe:/a:skype:skype:4.0.0.224
cpe:/a:skype:skype:4.0.0.226
cpe:/a:skype:skype:4.0.0.227
cpe:/a:skype:skype:4.0:beta_3
cpe:/a:skype:skype:4.1.0.130
cpe:/a:skype:skype:4.1.0.130:beta
cpe:/a:skype:skype:4.1.0.136
cpe:/a:skype:skype:4.1.0.141
cpe:/a:skype:skype:4.1.0.166
cpe:/a:skype:skype:4.1.0.179
cpe:/a:skype:skype:4.2.0.141:beta
cpe:/a:skype:skype:4.2.0.152
cpe:/a:skype:skype:4.2.0.155
cpe:/a:skype:skype:4.2.0.158
cpe:/a:skype:skype:4.2.0.163
cpe:/a:skype:skype:4.2.0.166
cpe:/a:skype:skype:4.2.0.169 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
EXPLOIT-DB 14766




Vulnerability Type Other (NVD-CWE-Other)




Copyright © 2010 JPCERT/CC All Rights Reserved.