Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-2545
Last Modified: 07 Mar 2011 10:09:21
Published: 06 Jun 2008 06:32:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-2545

Summary

Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different case.

Vulnerable Systems

Application

  • Skype Technologies Skype 3.0.0.106

  • Skype Technologies Skype 3.0.0.123

  • Skype Technologies Skype 3.0.0.137

  • Skype Technologies Skype 3.0.0.154

  • Skype Technologies Skype 3.0.0.190

  • Skype Technologies Skype 3.0.0.198

  • Skype Technologies Skype 3.0.0.205

  • Skype Technologies Skype 3.0.0.209

  • Skype Technologies Skype 3.0.0.214

  • Skype Technologies Skype 3.0.0.216

  • Skype Technologies Skype 3.0.0.217

  • Skype Technologies Skype 3.0.0.218

  • Skype Technologies Skype 3.1.0.112

  • Skype Technologies Skype 3.1.0.134

  • Skype Technologies Skype 3.1.0.144

  • Skype Technologies Skype 3.1.0.147

  • Skype Technologies Skype 3.1.0.150

  • Skype Technologies Skype 3.1.0.152

  • Skype Technologies Skype 3.2.0.115

  • Skype Technologies Skype 3.2.0.145

  • Skype Technologies Skype 3.2.0.148

  • Skype Technologies Skype 3.2.0.152

  • Skype Technologies Skype 3.2.0.158

  • Skype Technologies Skype 3.2.0.163

  • Skype Technologies Skype 3.2.0.175

  • Skype Technologies Skype 3.2.0.53

  • Skype Technologies Skype 3.2.0.63

  • Skype Technologies Skype 3.2.0.82

  • Skype Technologies Skype 3.5.0.107

  • Skype Technologies Skype 3.5.0.158

  • Skype Technologies Skype 3.5.0.178

  • Skype Technologies Skype 3.5.0.202

  • Skype Technologies Skype 3.5.0.214

  • Skype Technologies Skype 3.5.0.229

  • Skype Technologies Skype 3.5.0.234

  • Skype Technologies Skype 3.5.0.239

  • Skype Technologies Skype 3.6.0.127

  • Skype Technologies Skype 3.6.0.159

  • Skype Technologies Skype 3.6.0.216

  • Skype Technologies Skype 3.6.0.244

  • Skype Technologies Skype 3.6.0.248

  • Skype Technologies Skype 3.8.0.115

  • Skype Technologies Skype 3.8.0.96


References

CONFIRM - http://www.skype.com/security/skype-sb-2008-003.html

XF - skype-fileuri-case-security-bypass(43044)

VUPEN - ADV-2008-1749

IDEFENSE - 20080604 Skype File URI Security Bypass Code Execution Vulnerability

SECTRACK - 1020201

BID - 29553

SECUNIA - 30547


Last Updated: 27 May 2016 10:47:54