CVE-2010-3136

Skype <4.2.0.169 - RCE

Title source: llm

Description

Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Glafkos Charalambous · clocalwindows

https://www.exploit-db.com/exploits/14766

View Code ZIP pw:eip

References (3)

[Exploit] http://www.exploit-db.com/exploits/14766

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64577

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11833

Scores

EPSS 0.0141

EPSS Percentile 80.6%

Details

Status published

Products (50)

skype/skype 0.90.0.5 beta

skype/skype 0.90.0.10 beta

skype/skype 0.91.0.2 beta

skype/skype 0.92.0.4 beta

skype/skype 0.93.0.18 beta

skype/skype 0.93.1.1 beta

skype/skype 0.94.0.19 beta

skype/skype 0.94.0.28 beta

skype/skype 0.95.0.11 beta

skype/skype 0.95.0.25 beta

... and 40 more

Published Aug 26, 2010

Tracked Since Feb 18, 2026