Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1805

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1805
Last Modified 07 Mar 2011 10:07:39
Published 06 Jun 2008 06:32:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1805

Summary

Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.

Vulnerable Systems

Application

  • Skype Technologies Skype 3.0.0.106

  • Skype Technologies Skype 3.0.0.123

  • Skype Technologies Skype 3.0.0.137

  • Skype Technologies Skype 3.0.0.154

  • Skype Technologies Skype 3.0.0.190

  • Skype Technologies Skype 3.0.0.198

  • Skype Technologies Skype 3.0.0.205

  • Skype Technologies Skype 3.0.0.209

  • Skype Technologies Skype 3.0.0.214

  • Skype Technologies Skype 3.0.0.216

  • Skype Technologies Skype 3.0.0.217

  • Skype Technologies Skype 3.0.0.218

  • Skype Technologies Skype 3.1.0.112

  • Skype Technologies Skype 3.1.0.134

  • Skype Technologies Skype 3.1.0.144

  • Skype Technologies Skype 3.1.0.147

  • Skype Technologies Skype 3.1.0.150

  • Skype Technologies Skype 3.1.0.152

  • Skype Technologies Skype 3.2.0.115

  • Skype Technologies Skype 3.2.0.145

  • Skype Technologies Skype 3.2.0.148

  • Skype Technologies Skype 3.2.0.152

  • Skype Technologies Skype 3.2.0.158

  • Skype Technologies Skype 3.2.0.163

  • Skype Technologies Skype 3.2.0.175

  • Skype Technologies Skype 3.2.0.53

  • Skype Technologies Skype 3.2.0.63

  • Skype Technologies Skype 3.2.0.82

  • Skype Technologies Skype 3.5.0.107

  • Skype Technologies Skype 3.5.0.158

  • Skype Technologies Skype 3.5.0.178

  • Skype Technologies Skype 3.5.0.202

  • Skype Technologies Skype 3.5.0.214

  • Skype Technologies Skype 3.5.0.229

  • Skype Technologies Skype 3.5.0.234

  • Skype Technologies Skype 3.5.0.239

  • Skype Technologies Skype 3.6.0.127

  • Skype Technologies Skype 3.6.0.159

  • Skype Technologies Skype 3.6.0.216

  • Skype Technologies Skype 3.6.0.244

  • Skype Technologies Skype 3.6.0.248

  • Skype Technologies Skype 3.8.0.115

  • Skype Technologies Skype 3.8.0.96


References

CONFIRM - http://www.skype.com/security/skype-sb-2008-003.html

VUPEN - ADV-2008-1749

SECTRACK - 1020201

BID - 29553

SECUNIA - 30547

IDEFENSE - 20080604 Skype File URI Security Bypass Code Execution Vulnerability


Last Updated: 27 May 2016 10:47:40