ID

VAR-201105-0133


CVE

CVE-2011-2074


TITLE

Skype Service disruption in Japanese clients (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-004621

DESCRIPTION

Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message.

Skype for Mac is prone to an unspecified remote code-execution vulnerability. Attackers may exploit this issue to compromise the affected computer. Very few details are available regarding this issue. We will update this BID as more information emerges.

Skype for Android is a set of free voice communication software based on the Android platform of Microsoft Corporation. The software supports functions such as video messaging, voice mail, Bluetooth headsets, and conference calls.

TITLE: Skype for Mac Message Processing Code Execution Vulnerability

SECUNIA ADVISORY ID: SA44522

VERIFY ADVISORY: http://secunia.com/advisories/44522/

RELEASE DATE: 2011-05-10

DESCRIPTION: A vulnerability has been reported in Skype for Mac, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when processing messages from a contact. Successful exploitation may allow execution of arbitrary code but requires that a contact is already added to the victim's Contact List.

SOLUTION: Update to version 5.1.0.922.

PROVIDED AND/OR DISCOVERED BY: Gordon Maddern, Pure Hacking.

ORIGINAL ADVISORY:
Skype: http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html
Pure Hacking: http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking

Trust: 2.07

sources: NVD: CVE-2011-2074 // JVNDB: JVNDB-2011-004621 // BID: 47747 // VULHUB: VHN-50019 // PACKETSTORM: 101255

AFFECTED PRODUCTS

vendor: skype, model: skype, scope: eq, version: 5.0.0.152

Trust: 1.6

vendor: skype, model: skype, scope: eq, version: 5.1.0.112

Trust: 1.6

vendor: skype, model: skype, scope: eq, version: 5.0.0.123

Trust: 1.6

vendor: skype, model: skype, scope: eq, version: 5.1.0.104

Trust: 1.6

vendor: skype, model: skype, scope: eq, version: 5.0.0.105

Trust: 1.6

vendor: skype, model: skype, scope: eq, version: 5.0.0.156

Trust: 1.6

vendor: skype s a, model: skype, scope: eq, version: mac os edition 5.1.0.922

Trust: 0.8

vendor: skype s a, model: skype, scope: lt, version: 5.x

Trust: 0.8

vendor: skype, model: (mac os, scope: eq, version: x)5

Trust: 0.3

vendor: skype, model: skype, scope: -, version: -

Trust: 0.3

vendor: skype, model: (mac os, scope: ne, version: x)5.1.0.922

Trust: 0.3

sources: BID: 47747 // JVNDB: JVNDB-2011-004621 // CNNVD: CNNVD-201105-138 // NVD: CVE-2011-2074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2074
value: HIGH

Trust: 1.0

NVD: CVE-2011-2074
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201105-138
value: HIGH

Trust: 0.6

VULHUB: VHN-50019
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-2074
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-50019
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-50019 // JVNDB: JVNDB-2011-004621 // CNNVD: CNNVD-201105-138 // NVD: CVE-2011-2074

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-2074

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201105-138

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201105-138

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004621

PATCH

title: Security Vulnerability in Mac
url: http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html

Trust: 0.8

sources: JVNDB: JVNDB-2011-004621

EXTERNAL IDS

db: NVD, id: CVE-2011-2074

Trust: 2.8

db: BID, id: 47747

Trust: 2.0

db: SECUNIA, id: 44522

Trust: 1.8

db: VUPEN, id: ADV-2011-1192

Trust: 1.7

db: JVNDB, id: JVNDB-2011-004621

Trust: 0.8

db: CNNVD, id: CNNVD-201105-138

Trust: 0.7

db: VULHUB, id: VHN-50019

Trust: 0.1

db: PACKETSTORM, id: 101255

Trust: 0.1

sources: VULHUB: VHN-50019 // BID: 47747 // JVNDB: JVNDB-2011-004621 // PACKETSTORM: 101255 // CNNVD: CNNVD-201105-138 // NVD: CVE-2011-2074

REFERENCES

url:http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html

Trust: 2.1

url:http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking

Trust: 2.1

url:http://www.securityfocus.com/bid/47747

Trust: 1.7

url:http://isc.sans.edu/diary.html?storyid=10837

Trust: 1.7

url:http://www.theregister.co.uk/2011/05/06/skype_for_mac_critical_vulnerability/

Trust: 1.7

url:http://secunia.com/advisories/44522

Trust: 1.7

url:http://www.vupen.com/english/advisories/2011/1192

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2074

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2074

Trust: 0.8

url:http://www.skype.com/

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/44522/

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44522

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/44522/#comments

Trust: 0.1

sources: VULHUB: VHN-50019 // BID: 47747 // JVNDB: JVNDB-2011-004621 // PACKETSTORM: 101255 // CNNVD: CNNVD-201105-138 // NVD: CVE-2011-2074

CREDITS

Pure Hacking

Trust: 0.3

sources: BID: 47747

SOURCES

db: VULHUB, id: VHN-50019
db: BID, id: 47747
db: JVNDB, id: JVNDB-2011-004621
db: PACKETSTORM, id: 101255
db: CNNVD, id: CNNVD-201105-138
db: NVD, id: CVE-2011-2074

LAST UPDATE DATE

2025-04-11T23:03:16.078000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-50019, date: 2011-05-26T00:00:00
db: BID, id: 47747, date: 2015-04-13T21:01:00
db: JVNDB, id: JVNDB-2011-004621, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201105-138, date: 2011-05-11T00:00:00
db: NVD, id: CVE-2011-2074, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-50019, date: 2011-05-10T00:00:00
db: BID, id: 47747, date: 2011-05-06T00:00:00
db: JVNDB, id: JVNDB-2011-004621, date: 2012-03-27T00:00:00
db: PACKETSTORM, id: 101255, date: 2011-05-09T04:44:17
db: CNNVD, id: CNNVD-201105-138, date: 2011-05-11T00:00:00
db: NVD, id: CVE-2011-2074, date: 2011-05-10T18:55:02.590