{"vuid":"VU#930345","idnumber":"930345","name":"Skype URI handling routine contains a buffer overflow","keywords":["Skype","buffer overflow","arbitrary code execution","URI","callto://","skype://"],"overview":"A buffer overflow in Skype may allow a remote attacker to execute code on a vulnerable system.","clean_desc":"Skype software provides telephone service over IP networks. There is a buffer overflow in the routines that handle Skype-specific URIs (callto:// or skype://). The buffer overflow may stem from an input validation error in the Delphi routine SysUtils.WideFmtStr(...). For more information, please see Skype Security Bulletin SKYPE-SB/2005-002 and Delphi Bug Report 4744.","impact":"A remote attacker may be able to execute arbitrary code if they can persuade a user to access a Skype-specific URI with a vulnerable Skype installation.","resolution":"Upgrade Skype\nPlease see Skype Security Bulletin SKYPE-SB/2005-002 for a list of fixed Skype versions.","workarounds":"Do not access Skype URIs from untrusted sources Exploitatio","sysaffected":"","thanks":"This vulnerability was reported by SKY-CERT. SKY-CERT credits \nMark Rowe of Pentest Limited with providing information regarding this issue.","author":"This document was written by Jeff Gennari.","public":["http://secunia.com/advisories/17305/","http://www.skype.com/security/skype-sb-2005-02.html","http://qc.borland.com/wc/qcmain.aspx?d=4744"],"cveids":["CAN-2005-3265"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:12:22.259352Z","publicdate":"2005-10-25T00:00:00Z","datefirstpublished":"2005-10-26T14:20:30Z","dateupdated":"2005-10-26T16:49:00Z","revision":14,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":10.125,"vulnote":null}