Lucene search

PRIOn knowledge basePRION:CVE-2006-2312

HistoryMay 19, 2006 - 9:02 p.m.

Design/Logic Flaw

2006-05-1921:02:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.7%

JSON

Argument injection vulnerability in the URI handler in Skype 2.0..104 and 2.5..0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

CPENameOperatorVersion
skypelt2.0.0.105
skypege2.5.0.0
skypelt2.5.0.79

Name	Operator	Version
skype	lt	2.0.0.105
skype	ge	2.5.0.0
skype	lt	2.5.0.79

References

archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html

secunia.com/advisories/20154

www.kb.cert.org/vuls/id/466428

www.osvdb.org/25658

www.securityfocus.com/archive/1/434707/30/4860/threaded

www.securityfocus.com/bid/18038

www.vupen.com/english/advisories/2006/1871

exchange.xforce.ibmcloud.com/vulnerabilities/26557

www.skype.com/security/skype-sb-2006-001.html

7.2 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.7%

JSON

Related for PRION:CVE-2006-2312