CVE-2010-3136
Description
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Skype 4.2.0.169 - 'wab32.dll' DLL Hijacking
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| skype | skype | 3.1.0.150 | |
| skype | skype | up to and including 4.2.0.169 | |
| skype | skype | 0.90.0.5 | |
| skype | skype | 0.90.0.10 | |
| skype | skype | 0.91.0.2 | |
| skype | skype | 0.92.0.4 | |
| skype | skype | 0.93.0.18 | |
| skype | skype | 0.93.1.1 | |
| skype | skype | 0.94.0.19 | |
| skype | skype | 0.94.0.28 | |
| skype | skype | 0.95.0.11 | |
| skype | skype | 0.95.0.25 | |
| skype | skype | 0.95.0.36 | |
| skype | skype | 0.95.0.40 | |
| skype | skype | 0.96.0.1 | |
| skype | skype | 0.96.0.3 | |
| skype | skype | 0.97.0.1 | |
| skype | skype | 0.97.0.3 | |
| skype | skype | 0.97.0.6 | |
| skype | skype | 0.97.0.40 | |
| skype | skype | 0.98.0.04 | |
| skype | skype | 0.98.0.6 | |
| skype | skype | 0.98.0.28 | |
| skype | skype | 0.98.0.42 | |
| skype | skype | 0.98.0.68 | |
| skype | skype | 1.0.0.9 | |
| skype | skype | 1.0.0.10 | |
| skype | skype | 1.0.0.18 | |
| skype | skype | 1.0.0.29 | |
| skype | skype | 1.0.0.94 | |
| skype | skype | 1.0.0.97 | |
| skype | skype | 1.0.0.100 | |
| skype | skype | 1.0.0.106 | |
| skype | skype | 1.1.0.6 | |
| skype | skype | 1.1.0.73 | |
| skype | skype | 1.1.0.79 | |
| skype | skype | 1.2.0.37 | |
| skype | skype | 1.2.0.41 | |
| skype | skype | 1.2.0.48 | |
| skype | skype | 1.3.0.45 | |
| skype | skype | 1.3.0.48 | |
| skype | skype | 1.3.0.51 | |
| skype | skype | 1.3.0.54 | |
| skype | skype | 1.3.0.55 | |
| skype | skype | 1.3.0.57 | |
| skype | skype | 1.3.0.60 | |
| skype | skype | 1.3.0.66 | |
| skype | skype | 1.4.0.71 | |
| skype | skype | 1.4.0.78 | |
| skype | skype | 1.4.0.84 | |
| skype | skype | 2.0.0.69 | |
| skype | skype | 2.0.0.73 | |
| skype | skype | 2.0.0.79 | |
| skype | skype | 2.0.0.81 | |
| skype | skype | 2.0.0.90 | |
| skype | skype | 2.0.0.97 | |
| skype | skype | 2.0.0.103 | |
| skype | skype | 2.0.0.105 | |
| skype | skype | 2.0.0.107 | |
| skype | skype | 2.5.0.72 | |
| skype | skype | 2.5.0.82 | |
| skype | skype | 2.5.0.91 | |
| skype | skype | 2.5.0.113 | |
| skype | skype | 2.5.0.122 | |
| skype | skype | 2.5.0.126 | |
| skype | skype | 2.5.0.130 | |
| skype | skype | 2.5.0.137 | |
| skype | skype | 2.5.0.141 | |
| skype | skype | 2.5.0.151 | |
| skype | skype | 2.5.0.154 | |
| skype | skype | 2.6.0.67 | |
| skype | skype | 2.6.0.74 | |
| skype | skype | 2.6.0.81 | |
| skype | skype | 2.6.0.97 | |
| skype | skype | 2.6.0.103 | |
| skype | skype | 2.6.0.105 | |
| skype | skype | 3.0.0.106 | |
| skype | skype | 3.0.0.123 | |
| skype | skype | 3.0.0.137 | |
| skype | skype | 3.0.0.154 | |
| skype | skype | 3.0.0.190 | |
| skype | skype | 3.0.0.198 | |
| skype | skype | 3.0.0.205 | |
| skype | skype | 3.0.0.209 | |
| skype | skype | 3.0.0.214 | |
| skype | skype | 3.0.0.216 | |
| skype | skype | 3.0.0.217 | |
| skype | skype | 3.0.0.218 | |
| skype | skype | 3.1.0.112 | |
| skype | skype | 3.1.0.134 | |
| skype | skype | 3.1.0.144 | |
| skype | skype | 3.1.0.147 | |
| skype | skype | 3.1.0.152 | |
| skype | skype | 3.2.0.53 | |
| skype | skype | 3.2.0.63 | |
| skype | skype | 3.2.0.82 | |
| skype | skype | 3.2.0.115 | |
| skype | skype | 3.2.0.145 | |
| skype | skype | 3.2.0.148 | |
| skype | skype | 3.2.0.152 | |
| skype | skype | 3.2.0.158 | |
| skype | skype | 3.2.0.163 | |
| skype | skype | 3.2.0.175 | |
| skype | skype | 3.5.0.107 | |
| skype | skype | 3.5.0.158 | |
| skype | skype | 3.5.0.178 | |
| skype | skype | 3.5.0.202 | |
| skype | skype | 3.5.0.214 | |
| skype | skype | 3.5.0.229 | |
| skype | skype | 3.5.0.234 | |
| skype | skype | 3.5.0.239 | |
| skype | skype | 3.6.0.127 | |
| skype | skype | 3.6.0.159 | |
| skype | skype | 3.6.0.216 | |
| skype | skype | 3.6.0.244 | |
| skype | skype | 3.6.0.248 | |
| skype | skype | 3.8.0.96 | |
| skype | skype | 3.8.0.115 | |
| skype | skype | 3.8.0.139 | |
| skype | skype | 3.8.0.144 | |
| skype | skype | 3.8.0.154 | |
| skype | skype | 3.8.0.180 | |
| skype | skype | 3.8.0.188 | |
| skype | skype | 4.0 | |
| skype | skype | 4.0.0.145 | |
| skype | skype | 4.0.0.150 | |
| skype | skype | 4.0.0.155 | |
| skype | skype | 4.0.0.161 | |
| skype | skype | 4.0.0.166 | |
| skype | skype | 4.0.0.168 | |
| skype | skype | 4.0.0.169 | |
| skype | skype | 4.0.0.176 | |
| skype | skype | 4.0.0.181 | |
| skype | skype | 4.0.0.206 | |
| skype | skype | 4.0.0.215 | |
| skype | skype | 4.0.0.216 | |
| skype | skype | 4.0.0.224 | |
| skype | skype | 4.0.0.226 | |
| skype | skype | 4.0.0.227 | |
| skype | skype | 4.1.0.130 | |
| skype | skype | 4.1.0.136 | |
| skype | skype | 4.1.0.141 | |
| skype | skype | 4.1.0.166 | |
| skype | skype | 4.1.0.179 | |
| skype | skype | 4.2.0.141 | |
| skype | skype | 4.2.0.152 | |
| skype | skype | 4.2.0.155 | |
| skype | skype | 4.2.0.158 | |
| skype | skype | 4.2.0.163 | |
| skype | skype | 4.2.0.166 | |
References
- http://www.exploit-db.com/exploits/14766
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64577
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11833