CVE-2007-5989
Published 2007-12-13
Priority P3 · 36 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.44% (90.2th percentile)
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skype_technologies | skype | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
GHSA
GHSA-wf74-jqp7-237w: Unspecified vulnerability in the skype4com URI handler in Skype before 3
ghsa_unreviewed·2022-05-01
CVE-2007-5989 [MEDIUM] CWE-119 GHSA-wf74-jqp7-237w: Unspecified vulnerability in the skype4com URI handler in Skype before 3
Red Hat
tog-pegasus pam authentication buffer overflow
vendor_redhat·2008-01-07·CVSS 7.5
CVE-2008-0003 [HIGH] CWE-121 tog-pegasus pam authentication buffer overflow
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
Mitigation: The tog-pegasus package is not installed by default on Red Hat Enterprise Linux.
tog-pegasus supplied by Red Hat binds only to one port (as plain http is
disabled), port 5989. The default firewall installed by Red Hat Enterprise
Linux will block remote access to this port. In normal use it's unlikely you'd
want to have this port accessible outside of an intranet anyway, and it's likely
to be blocked by en
References
http://osvdb.org/39170
http://secunia.com/advisories/27934
http://securityreason.com/securityalert/3440
http://securitytracker.com/id?1019056
http://www.securityfocus.com/archive/1/484703/100/0/threaded
http://www.securityfocus.com/bid/26748
http://www.vupen.com/english/advisories/2007/4110
http://www.zerodayinitiative.com/advisories/ZDI-07-070.html