CVE-2010-3136

Published: 26/08/2010 Updated: 19/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Untrusted search path vulnerability in Skype 4.2.0.169 and previous versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.

Vulnerable Product

skype skype 3.0.0.217

skype skype 3.0.0.218

skype skype 3.0.0.137

skype skype 3.0.0.154

skype skype 3.0.0.190

skype skype 3.0.0.198

skype skype 2.6.0.81

skype skype 2.6.0.97

skype skype 3.2.0.53

skype skype 3.1.0.152

skype skype 2.0.0.81

skype skype 2.0.0.90

skype skype 1.3.0.60

skype skype 1.3.0.66

skype skype 2.6.0.74

skype skype 3.0.0.214

skype skype 3.0.0.216

skype skype 3.0.0.106

skype skype 3.0.0.123

skype skype 3.2.0.158

skype skype 3.2.0.152

skype skype 3.2.0.148

skype skype 3.1.0.144

skype skype 3.1.0.134

skype skype 1.4.0.84

skype skype 2.0.0.69

skype skype 1.3.0.54

skype skype 1.3.0.55

skype skype 2.5.0.141

skype skype 2.5.0.137

skype skype 2.5.0.72

skype skype 2.0.0.107

skype skype 1.0.0.100

skype skype 1.0.0.106

skype skype 1.3.0.45

skype skype 0.94.0.28

skype skype 0.96.0.1

skype skype 0.97.0.3

skype skype 0.90.0.5

skype skype 0.90.0.10

skype skype 4.0.0.226

skype skype 4.0.0.227

skype skype 3.6.0.127

skype skype 3.6.0.159

skype skype 3.5.0.158

skype skype 3.5.0.178

skype skype 4.0.0.166

skype skype 4.0

skype skype 3.8.0.144

skype skype 3.0.0.205

skype skype 3.0.0.209

skype skype 2.6.0.103

skype skype 2.6.0.105

skype skype 3.2.0.145

skype skype 3.2.0.115

skype skype 3.1.0.112

skype skype 2.0.0.79

skype skype 2.0.0.73

skype skype 1.3.0.57

skype skype 2.5.0.154

skype skype 2.5.0.151

skype skype 2.5.0.91

skype skype 2.5.0.82

skype skype 0.98.0.68

skype skype 1.0.0.9

skype skype 1.1.0.6

skype skype 1.1.0.73

skype skype 0.94.0.19

skype skype 0.95.0.25

skype skype 0.97.0.1

skype skype 0.97.0.40

skype skype 0.93.0.18

skype skype 0.93.1.1

skype skype 4.0.0.216

skype skype 4.0.0.224

skype skype 3.6.0.216

skype skype 3.6.0.244

skype skype 3.6.0.248

skype skype 2.6.0.67

skype skype 2.5.0.122

skype skype 2.5.0.113

skype skype 1.0.0.10

skype skype 1.0.0.18

skype skype 1.0.0.29

skype skype 1.1.0.79

skype skype 1.2.0.37

skype skype 0.95.0.11

skype skype 0.95.0.40

skype skype 0.97.0.6

skype skype 0.98.0.6

skype skype 0.98.0.04

skype skype 0.91.0.2

skype skype 0.92.0.4

skype skype 4.1.0.136

skype skype 4.1.0.141

skype skype 3.8.0.96

skype skype 3.8.0.115

skype skype 3.5.0.229

skype skype 3.5.0.234

skype skype 4.0.0.176

skype skype 4.0.0.215

skype skype 4.0.0.161

skype skype 4.0.0.155

skype skype 4.2.0.155

skype skype 4.2.0.152

skype skype 3.8.0.188

skype skype 3.8.0.180

skype skype

skype skype 4.2.0.166

skype skype 3.5.0.202

skype skype 3.5.0.214

skype skype 4.0.0.169

skype skype 4.0.0.181

skype skype 4.0.0.150

skype skype 4.0.0.145

skype skype 4.2.0.163

skype skype 4.2.0.158

skype skype 3.2.0.175

skype skype 3.2.0.163

skype skype 3.1.0.150

skype skype 3.1.0.147

skype skype 2.0.0.97

skype skype 1.4.0.78

skype skype 1.4.0.71

skype skype 1.3.0.48

skype skype 1.3.0.51

skype skype 2.5.0.130

skype skype 2.5.0.126

skype skype 2.0.0.105

skype skype 2.0.0.103

skype skype 1.0.0.94

skype skype 1.0.0.97

skype skype 1.2.0.41

skype skype 1.2.0.48

skype skype 0.95.0.36

skype skype 0.96.0.3

skype skype 0.98.0.42

skype skype 0.98.0.28

skype skype 4.1.0.166

skype skype 4.1.0.179

skype skype 4.1.0.130

skype skype 3.8.0.139

skype skype 3.5.0.107

skype skype 3.5.0.239

skype skype 4.0.0.168

skype skype 4.0.0.206

skype skype 3.8.0.154

skype skype 3.2.0.82

skype skype 3.2.0.63

skype skype 4.2.0.141

Exploits

/*
Exploit Title: Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: Latest Skype v4.2.0.169
Tested on: Windows 7 x64 Ultimate
Vulnerable extensions: .skype
Greetz: Astalavista, OffSEC, Exploit-DB
Notes: Create folders %commonprogramfiles%\system and p ...