CVE-2004-1114
published 2005-01-10CVE-2004-1114: Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto://…
PriorityP336critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
5.75%
92.1th percentile
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skype_technologies | skype | <= 0.98.0.27 | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vr53-8hj3-vc9j: Buffer overflow in the handling of command line arguments in Skype 1
ghsa_unreviewed·2022-04-29·CVSS 5.0
CVE-2004-1114 [MEDIUM] CWE-119 GHSA-vr53-8hj3-vc9j: Buffer overflow in the handling of command line arguments in Skype 1
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
GHSA
GHSA-3cmp-6g7x-v2gr: A "range check error" in Skype for Windows before 0
ghsa_unreviewed·2022-04-29·CVSS 9.3
CVE-2004-1777 [CRITICAL] CWE-20 GHSA-3cmp-6g7x-v2gr: A "range check error" in Skype for Windows before 0
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.htmlhttp://marc.info/?l=bugtraq&m=110062240706017&w=2http://marc.info/?l=bugtraq&m=110067029422696&w=2http://secunia.com/advisories/13191http://www.osvdb.org/11786http://www.securityfocus.com/bid/11682http://www.skype.com/products/skype/windows/changelog.htmlhttp://www.skype.com/security/ssa-2004-02.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/18063http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028852.htmlhttp://marc.info/?l=bugtraq&m=110062240706017&w=2http://marc.info/?l=bugtraq&m=110067029422696&w=2http://secunia.com/advisories/13191http://www.osvdb.org/11786http://www.securityfocus.com/bid/11682http://www.skype.com/products/skype/windows/changelog.htmlhttp://www.skype.com/security/ssa-2004-02.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/18063
2005-01-10
Published