CVE-2020-24003

3.3LOW

Key Information:

Vendor: Microsoft
Status: Skype
Vendor: CVE Published:; 11 January 2021

Summary

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.

References

https://www.hdwsec.fr/blog/20200608-skype/

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2021
Vulnerability Reserved
Aug 13, 2020

Collectors

NVD DatabaseMitre Database