CVE-2008-0583

2008-02-0503:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-0583

skype

cross-zone scripting

vulnerability

internet explorer

web control

metacafe

user-assisted remote attackers

arbitrary web script

html

windows

metacafe pro

skype video gallery

security

nvd

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.299 Low

EPSS

Percentile

96.9%

JSON

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) “Add video to chat” or (2) “Add video to mood” dialog, a different vector than CVE-2008-0454.

Affected configurations

NVD

Node

skype_technologiesskypeMatch3.5

skype_technologiesskypeMatch3.6

skype_technologiesskypeMatch3.6.216

skype_technologiesskypeMatch3.6.244

CPENameOperatorVersion
skype_technologies:skypeskype technologies skypeeq3.5
skype_technologies:skypeskype technologies skypeeq3.6
skype_technologies:skypeskype technologies skypeeq3.6.216
skype_technologies:skypeskype technologies skypeeq3.6.244

CPE	Name	Operator	Version
skype_technologies:skype	skype technologies skype	eq	3.5
skype_technologies:skype	skype technologies skype	eq	3.6
skype_technologies:skype	skype technologies skype	eq	3.6.216
skype_technologies:skype	skype technologies skype	eq	3.6.244