Lucene search

[email protected]CVE-2004-1778

HistoryMay 03, 2005 - 4:00 a.m.

CVE-2004-1778

2005-05-0304:00:00

CWE-276

[email protected]

web.nvd.nist.gov

skype

linux

world-writable permissions

cve-2004-1778

social engineering

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.

Affected configurations

NVD

Node

skypeskypeMatch0.92.0.12

skypeskypeMatch1.0.0.1

CPENameOperatorVersion
skype:skypeskypeeq0.92.0.12
skype:skypeskypeeq1.0.0.1

CPE	Name	Operator	Version
skype:skype	skype	eq	0.92.0.12
skype:skype	skype	eq	1.0.0.1

References

marc.info/?l=bugtraq&m=110374568916303&w=2

marc.info/?l=bugtraq&m=110868557905786&w=2

www.securityfocus.com/bid/12081

exchange.xforce.ibmcloud.com/vulnerabilities/18644

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-1778

cvelist1 nvd1