Vulnerability Description
Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skype Technologies | Skype | 0.92.0.12 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=113026202728568&w=2
- http://secunia.com/advisories/17305/PatchVendor Advisory
- http://securityreason.com/securityalert/115
- http://skype.com/security/skype-sb-2005-03.htmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/905177US Government Resource
- http://www.osvdb.org/20306
- http://www.securityfocus.com/bid/15192ExploitPatch
- http://www.vupen.com/english/advisories/2005/2197Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22850
- http://marc.info/?l=bugtraq&m=113026202728568&w=2
- http://secunia.com/advisories/17305/PatchVendor Advisory
- http://securityreason.com/securityalert/115
- http://skype.com/security/skype-sb-2005-03.htmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/905177US Government Resource
- http://www.osvdb.org/20306
FAQ
What is CVE-2005-3267?
CVE-2005-3267 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) v...
How severe is CVE-2005-3267?
CVE-2005-3267 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3267?
Check the references section above for vendor advisories and patch information. Affected products include: Skype Technologies Skype.