Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2312

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-2312
Last Modified 17 Mar 2011 12:00:00
Published 19 May 2006 05:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2312

Summary

Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

Vulnerable Systems

Application

  • Skype Technologies Skype 0.98.0.04

  • Skype Technologies Skype 1.0.0.10

  • Skype Technologies Skype 1.0.0.100

  • Skype Technologies Skype 1.0.0.18

  • Skype Technologies Skype 1.0.0.29

  • Skype Technologies Skype 1.0.0.9

  • Skype Technologies Skype 1.0.0.94

  • Skype Technologies Skype 1.0.0.97

  • Skype Technologies Skype 1.1.0.0

  • Skype Technologies Skype 1.4.0.83

  • Skype Technologies Skype 2.0

  • Skype Technologies Skype 2.0.104

  • Skype Technologies Skype 2.5

  • Skype Technologies Skype 2.5.78


References

CERT-VN - VU#466428

XF - skype-uri-handler-file-access(26557)

VUPEN - ADV-2006-1871

CONFIRM - http://www.skype.com/security/skype-sb-2006-001.html

BID - 18038

BUGTRAQ - 20060521 Skype - URI Handler Command Switch Parsing

OSVDB - 25658

SECUNIA - 20154


Last Updated: 27 May 2016 10:42:25