Skype for Windows < 6.3.0.105 Multiple Vulnerabilities (uncredentialed check)

critical Nessus Plugin ID 66694

Synopsis

The remote Skype install is potentially affected by multiple vulnerabilities.

Description

According to its timestamp, the version of Skype installed on the remote Windows host is potentially affected by the following vulnerabilities :

- An error exists related to the Click to Call Service (c2c_service.exe) that could allow a local attacker to cause arbitrary DLL files to be loaded, thus allowing code execution.

- Several other unspecified errors exist.

Solution

Upgrade to Skype for Windows 6.3.0.105 or later.

See Also

https://seclists.org/bugtraq/2013/Mar/94

http://blogs.skype.com/2013/03/14/skype-6-3-for-windows/

Plugin Details

Severity: Critical

ID: 66694

File Name: skype_6_3_0_105.nasl

Version: 1.7

Type: remote

Family: Misc.

Published: 5/30/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:skype:skype

Required KB Items: Services/skype

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/14/2013

Vulnerability Publication Date: 3/14/2013

Reference Information

BID: 58519, 58805