Microsoft Skype vulnerabilities

CVE-2020-24003 [LOW] CVE-2020-24003: Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which all Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.

CVE-2019-0932 [MEDIUM] CVE-2019-0932: An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Informat An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Information Disclosure Vulnerability'.

CVE-2019-0624 [MEDIUM] CWE-79 CVE-2019-0624: A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a s A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.

CVE-2019-0622 [MEDIUM] CWE-287 CVE-2019-0622: An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle speci An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.

CVE-2018-8546 [MEDIUM] CVE-2018-8546: A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business De A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.

CVE-2018-8238 [HIGH] CVE-2018-8238: A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.

CVE-2018-8311 [HIGH] CWE-20 CVE-2018-8311: A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.

CVE-2017-9948 [HIGH] CWE-119 CVE-2017-9948: A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 bef A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.

CVE-2017-6517 [CRITICAL] CWE-427 CVE-2017-6517: Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote atta Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowle