CVE-2008-0582

2008-02-0503:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-0582

cross-zone scripting

internet explorer

skype

remote attackers

arbitrary web script

html

local machine zone

skypefind

uri handler

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.

Affected configurations

NVD

Node

skype_technologiesskypeMatch3.1

skype_technologiesskypeMatch3.2

skype_technologiesskypeMatch3.5

skype_technologiesskypeMatch3.6

skype_technologiesskypeMatch3.6.0.244

CPENameOperatorVersion
skype_technologies:skypeskype technologies skypeeq3.1
skype_technologies:skypeskype technologies skypeeq3.2
skype_technologies:skypeskype technologies skypeeq3.5
skype_technologies:skypeskype technologies skypeeq3.6
skype_technologies:skypeskype technologies skypeeq3.6.0.244

CPE	Name	Operator	Version
skype_technologies:skype	skype technologies skype	eq	3.1
skype_technologies:skype	skype technologies skype	eq	3.2
skype_technologies:skype	skype technologies skype	eq	3.5
skype_technologies:skype	skype technologies skype	eq	3.6
skype_technologies:skype	skype technologies skype	eq	3.6.0.244