Lucene search

[email protected]NVD:CVE-2008-0583

HistoryFeb 05, 2008 - 3:00 a.m.

CVE-2008-0583

2008-02-0503:00:00

CWE-94

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.267 Low

EPSS

Percentile

96.8%

JSON

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) “Add video to chat” or (2) “Add video to mood” dialog, a different vector than CVE-2008-0454.

Affected configurations

NVD

Node

skype_technologiesskypeMatch3.5

skype_technologiesskypeMatch3.6

skype_technologiesskypeMatch3.6.216

skype_technologiesskypeMatch3.6.244

References

aviv.raffon.net/2008/01/22/NoMoreVideosForYouComeBackWhenPatchAvailable.aspx

skype.com/security/skype-sb-2008-001-update1.htm

www.kb.cert.org/vuls/id/794236

www.securityfocus.com/bid/27338

exchange.xforce.ibmcloud.com/vulnerabilities/39754

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.267 Low

EPSS

Percentile

96.8%

JSON

Related for NVD:CVE-2008-0583

prion2 cve2 cvelist2 nessus1 nvd1 cert1