Vulnerability Details : CVE-2011-2074
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message.
Vulnerability category: Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-2074
Probability of exploitation activity in the next 30 days: 0.68%
Percentile, the proportion of vulnerabilities that are scored at or less: ~79%
CVSS scores for CVE-2011-2074
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST |
References for CVE-2011-2074
- http://isc.sans.edu/diary.html?storyid=10837
  InfoSec Handlers Diary Blog - Unpatched Exploit: Skype for Mac OS X
- http://www.securityfocus.com/bid/47747
  Skype Technologies Skype for Mac Unspecified Remote Code Execution Vulnerability
- http://www.vupen.com/english/advisories/2011/1192
  Vendor Advisory
- http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html
  Patch
- http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking
- http://www.theregister.co.uk/2011/05/06/skype_for_mac_critical_vulnerability/
  Skype bug gives attackers access to Mac OS X machines • The Register
Products affected by CVE-2011-2074
- cpe:2.3:a:skype:skype:5.0.0.105:beta:*:*:*:*:*:*
- cpe:2.3:a:skype:skype:5.0.0.156:*:*:*:*:*:*:*
- cpe:2.3:a:skype:skype:5.0.0.123:beta:*:*:*:*:*:*
- cpe:2.3:a:skype:skype:5.0.0.105:*:*:*:*:*:*:*
- cpe:2.3:a:skype:skype:5.1.0.112:*:*:*:*:*:*:*
- cpe:2.3:a:skype:skype:5.1.0.104:*:*:*:*:*:*:*
- cpe:2.3:a:skype:skype:5.0.0.152:*:*:*:*:*:*:*