Lucene search

[email protected]CVE-2008-2545

HistoryJun 06, 2008 - 10:32 p.m.

CVE-2008-2545

2008-06-0622:32:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-2545

skype

remote code execution

file uri

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.

Affected configurations

NVD

Node

skype_technologiesskypeRange≤3.8.0.115

skype_technologiesskypeMatch3.0.0.106beta

skype_technologiesskypeMatch3.0.0.123beta

skype_technologiesskypeMatch3.0.0.137beta

skype_technologiesskypeMatch3.0.0.154beta

skype_technologiesskypeMatch3.0.0.190

skype_technologiesskypeMatch3.0.0.198

skype_technologiesskypeMatch3.0.0.205

skype_technologiesskypeMatch3.0.0.209

skype_technologiesskypeMatch3.0.0.214

skype_technologiesskypeMatch3.0.0.216

skype_technologiesskypeMatch3.0.0.217

skype_technologiesskypeMatch3.0.0.218

skype_technologiesskypeMatch3.1.0.112beta

skype_technologiesskypeMatch3.1.0.134beta

skype_technologiesskypeMatch3.1.0.144

skype_technologiesskypeMatch3.1.0.147

skype_technologiesskypeMatch3.1.0.150

skype_technologiesskypeMatch3.1.0.152

skype_technologiesskypeMatch3.2.0.53beta

skype_technologiesskypeMatch3.2.0.63beta

skype_technologiesskypeMatch3.2.0.82beta

skype_technologiesskypeMatch3.2.0.115beta

skype_technologiesskypeMatch3.2.0.145

skype_technologiesskypeMatch3.2.0.148

skype_technologiesskypeMatch3.2.0.152

skype_technologiesskypeMatch3.2.0.158

skype_technologiesskypeMatch3.2.0.163

skype_technologiesskypeMatch3.2.0.175

skype_technologiesskypeMatch3.5.0.107beta

skype_technologiesskypeMatch3.5.0.158beta

skype_technologiesskypeMatch3.5.0.178beta

skype_technologiesskypeMatch3.5.0.202

skype_technologiesskypeMatch3.5.0.214

skype_technologiesskypeMatch3.5.0.229

skype_technologiesskypeMatch3.5.0.234

skype_technologiesskypeMatch3.5.0.239

skype_technologiesskypeMatch3.6.0.127beta

skype_technologiesskypeMatch3.6.0.159beta

skype_technologiesskypeMatch3.6.0.216

skype_technologiesskypeMatch3.6.0.244

skype_technologiesskypeMatch3.6.0.248

skype_technologiesskypeMatch3.8.0.96beta

CPENameOperatorVersion
skype_technologies:skypeskype technologies skypele3.8.0.115
skype_technologies:skypeskype technologies skypeeq3.0.0.106
skype_technologies:skypeskype technologies skypeeq3.0.0.123
skype_technologies:skypeskype technologies skypeeq3.0.0.137
skype_technologies:skypeskype technologies skypeeq3.0.0.154
skype_technologies:skypeskype technologies skypeeq3.0.0.190
skype_technologies:skypeskype technologies skypeeq3.0.0.198
skype_technologies:skypeskype technologies skypeeq3.0.0.205
skype_technologies:skypeskype technologies skypeeq3.0.0.209
skype_technologies:skypeskype technologies skypeeq3.0.0.214

CPE	Name	Operator	Version
skype_technologies:skype	skype technologies skype	le	3.8.0.115
skype_technologies:skype	skype technologies skype	eq	3.0.0.106
skype_technologies:skype	skype technologies skype	eq	3.0.0.123
skype_technologies:skype	skype technologies skype	eq	3.0.0.137
skype_technologies:skype	skype technologies skype	eq	3.0.0.154
skype_technologies:skype	skype technologies skype	eq	3.0.0.190
skype_technologies:skype	skype technologies skype	eq	3.0.0.198
skype_technologies:skype	skype technologies skype	eq	3.0.0.205
skype_technologies:skype	skype technologies skype	eq	3.0.0.209
skype_technologies:skype	skype technologies skype	eq	3.0.0.214

Rows per page:

1-10 of 431

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=711

secunia.com/advisories/30547

www.securityfocus.com/bid/29553

www.securitytracker.com/id?1020201

www.skype.com/security/skype-sb-2008-003.html

www.vupen.com/english/advisories/2008/1749/references

exchange.xforce.ibmcloud.com/vulnerabilities/43044

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Related for CVE-2008-2545

nvd1 prion1 cvelist1 nessus1