CVE-2010-3136

Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
skypeskype
𝑥
≤ 4.2.0.169
skypeskype
0.90.0.5:beta
skypeskype
0.90.0.10:beta
skypeskype
0.91.0.2:beta
skypeskype
0.92.0.4:beta
skypeskype
0.93.0.18:beta
skypeskype
0.93.1.1:beta
skypeskype
0.94.0.19:beta
skypeskype
0.94.0.28:beta
skypeskype
0.95.0.11:beta
skypeskype
0.95.0.25:beta
skypeskype
0.95.0.36:beta
skypeskype
0.95.0.40:beta
skypeskype
0.96.0.1:beta
skypeskype
0.96.0.3:beta
skypeskype
0.97.0.1:beta
skypeskype
0.97.0.3:beta
skypeskype
0.97.0.6:beta
skypeskype
0.97.0.40:beta
skypeskype
0.98.0.04:beta
skypeskype
0.98.0.6:beta
skypeskype
0.98.0.28:beta
skypeskype
0.98.0.42:beta
skypeskype
0.98.0.68:beta
skypeskype
1.0.0.9
skypeskype
1.0.0.10
skypeskype
1.0.0.18
skypeskype
1.0.0.29
skypeskype
1.0.0.94
skypeskype
1.0.0.97
skypeskype
1.0.0.100
skypeskype
1.0.0.106
skypeskype
1.1.0.6
skypeskype
1.1.0.73
skypeskype
1.1.0.79
skypeskype
1.2.0.37
skypeskype
1.2.0.41
skypeskype
1.2.0.48
skypeskype
1.3.0.45
skypeskype
1.3.0.48
skypeskype
1.3.0.51
skypeskype
1.3.0.54
skypeskype
1.3.0.55
skypeskype
1.3.0.57
skypeskype
1.3.0.60
skypeskype
1.3.0.66
skypeskype
1.4.0.71
skypeskype
1.4.0.78
skypeskype
1.4.0.84
skypeskype
2.0.0.69
skypeskype
2.0.0.73
skypeskype
2.0.0.79
skypeskype
2.0.0.81
skypeskype
2.0.0.90
skypeskype
2.0.0.97
skypeskype
2.0.0.103
skypeskype
2.0.0.105
skypeskype
2.0.0.107
skypeskype
2.5.0.72
skypeskype
2.5.0.82
skypeskype
2.5.0.91
skypeskype
2.5.0.113
skypeskype
2.5.0.122
skypeskype
2.5.0.126
skypeskype
2.5.0.130
skypeskype
2.5.0.137
skypeskype
2.5.0.141
skypeskype
2.5.0.151
skypeskype
2.5.0.154
skypeskype
2.6.0.67:beta
skypeskype
2.6.0.74:beta
skypeskype
2.6.0.81:beta
skypeskype
2.6.0.97:beta
skypeskype
2.6.0.103:beta
skypeskype
2.6.0.105:beta
skypeskype
3.0.0.106:beta
skypeskype
3.0.0.123:beta
skypeskype
3.0.0.137:beta
skypeskype
3.0.0.154:beta
skypeskype
3.0.0.190
skypeskype
3.0.0.198
skypeskype
3.0.0.205
skypeskype
3.0.0.209
skypeskype
3.0.0.214
skypeskype
3.0.0.216
skypeskype
3.0.0.217
skypeskype
3.0.0.218
skypeskype
3.1.0.112:beta
skypeskype
3.1.0.134:beta
skypeskype
3.1.0.144
skypeskype
3.1.0.147
skypeskype
3.1.0.150
skypeskype
3.1.0.152
skypeskype
3.2.0.53:beta
skypeskype
3.2.0.63:beta
skypeskype
3.2.0.82:beta
skypeskype
3.2.0.115:beta
skypeskype
3.2.0.145
skypeskype
3.2.0.148
skypeskype
3.2.0.152
skypeskype
3.2.0.158
skypeskype
3.2.0.163
skypeskype
3.2.0.175
skypeskype
3.5.0.107:beta
skypeskype
3.5.0.158:beta
skypeskype
3.5.0.178
skypeskype
3.5.0.202
skypeskype
3.5.0.214
skypeskype
3.5.0.229
skypeskype
3.5.0.234
skypeskype
3.5.0.239
skypeskype
3.6.0.127:beta
skypeskype
3.6.0.159:beta
skypeskype
3.6.0.216
skypeskype
3.6.0.244
skypeskype
3.6.0.248
skypeskype
3.8.0.96:beta
skypeskype
3.8.0.115
skypeskype
3.8.0.139
skypeskype
3.8.0.144
skypeskype
3.8.0.154
skypeskype
3.8.0.180
skypeskype
3.8.0.188
skypeskype
4.0:beta_3
skypeskype
4.0.0.145:beta
skypeskype
4.0.0.150:beta
skypeskype
4.0.0.155:beta_1
skypeskype
4.0.0.161:beta
skypeskype
4.0.0.166:beta_2
skypeskype
4.0.0.168:beta_2
skypeskype
4.0.0.169:beta_2
skypeskype
4.0.0.176:beta_3
skypeskype
4.0.0.181:beta_3
skypeskype
4.0.0.206
skypeskype
4.0.0.215
skypeskype
4.0.0.216
skypeskype
4.0.0.224
skypeskype
4.0.0.226
skypeskype
4.0.0.227
skypeskype
4.1.0.130
skypeskype
4.1.0.130:beta
skypeskype
4.1.0.136
skypeskype
4.1.0.141
skypeskype
4.1.0.166
skypeskype
4.1.0.179
skypeskype
4.2.0.141:beta
skypeskype
4.2.0.152
skypeskype
4.2.0.155
skypeskype
4.2.0.158
skypeskype
4.2.0.163
skypeskype
4.2.0.166
𝑥
= Vulnerable software versions
References
http://www.exploit-db.com/exploits/14766
https://exchange.xforce.ibmcloud.com/vulnerabilities/64577
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11833
http://www.exploit-db.com/exploits/14766
https://exchange.xforce.ibmcloud.com/vulnerabilities/64577
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11833