Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.35548
Percentile: 0.9689

CVSS Scoring

Mapped CWE(s)

• CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:skype_technologies:skype:1.1.0.61:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.1.0.73:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.1.0.79:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.2.0.37:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.2.0.41:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.2.0.46:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.3.0.45:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.3.0.48:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.3.0.51:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.3.0.54:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.3.0.55:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.3.0.57:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.3.0.60:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.3.0.66:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.4.0.71:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.4.0.78:*:*:*:*:*:*:*
• cpe:2.3:a:skype_technologies:skype:1.4.0.83:*:*:*:*:*:*:*

← Back to Home