Lucene search

[email protected]CVE-2006-2312

HistoryMay 19, 2006 - 9:02 p.m.

CVE-2006-2312

2006-05-1921:02:00

CWE-88

[email protected]

web.nvd.nist.gov

skype

uri handler

vulnerability

remote attack

windows

download

arbitrary files

7.2 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.9%

JSON

Argument injection vulnerability in the URI handler in Skype 2.0..104 and 2.5..0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

CPENameOperatorVersion
skype:skypeskypelt2.0.0.105
skype:skypeskypelt2.5.0.79

CPE	Name	Operator	Version
skype:skype	skype	lt	2.0.0.105
skype:skype	skype	lt	2.5.0.79

References

archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html

secunia.com/advisories/20154

www.kb.cert.org/vuls/id/466428

www.osvdb.org/25658

www.securityfocus.com/archive/1/434707/30/4860/threaded

www.securityfocus.com/bid/18038

www.skype.com/security/skype-sb-2006-001.html

www.vupen.com/english/advisories/2006/1871

exchange.xforce.ibmcloud.com/vulnerabilities/26557

7.2 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2006-2312

securityvulns1 prion1 nessus1 cvelist1 cert1