Vulnerability Description
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skype Technologies | Skype | 1.0.0.9 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html
- http://marc.info/?l=bugtraq&m=110062240706017&w=2
- http://marc.info/?l=bugtraq&m=110067029422696&w=2
- http://secunia.com/advisories/13191
- http://www.osvdb.org/11786
- http://www.securityfocus.com/bid/11682PatchVendor Advisory
- http://www.skype.com/products/skype/windows/changelog.html
- http://www.skype.com/security/ssa-2004-02.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18063
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.html
- http://marc.info/?l=bugtraq&m=110062240706017&w=2
- http://marc.info/?l=bugtraq&m=110067029422696&w=2
- http://secunia.com/advisories/13191
- http://www.osvdb.org/11786
- http://www.securityfocus.com/bid/11682PatchVendor Advisory
FAQ
What is CVE-2004-1114?
CVE-2004-1114 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a ...
How severe is CVE-2004-1114?
CVE-2004-1114 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1114?
Check the references section above for vendor advisories and patch information. Affected products include: Skype Technologies Skype.