Описание
Skype for Consumer Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image.
How do I get the update?
- Click the Download link.
- Under Skype for Desktop select the Get Skype for Windows 10 & 11 arrow to display download options.
- Select from the following to download the version you need for your Desktop.
- Get Skype for Windows
- Get Skype for Mac
- Get Skype for Linux SNAP
To verify that you have the latest version of Skype installed, Select Settings > Help & Feedback.
For more information on how to update Skype, see Updating to the latest version of Skype.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.8 High
CVSS3
Связанные уязвимости
Skype for Consumer Remote Code Execution Vulnerability
Уязвимость программы мгновенного обмена сообщениями Skype for Consumer, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3