CVE-2008-0582
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
Vulnerabilidad de secuencias de comandos en zonas cruzadas en el control web Internet Explorer en Skype 3.1 hasta 3.6.0.244 en Windows permite a atacantes remotos inyectar web script o HTML de su elección en Local Machine Zone mediante el campo Full Name de un revisor de una entrada de negocios, accesible a través de (1) el diálogo SkypeFind y (2) un skype:?URI de skypefind para el skype: URI handler.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-04 CVE Reserved
- 2008-02-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/794236 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/487370/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/27338 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Skype Technologies Search vendor "Skype Technologies" | Skype Search vendor "Skype Technologies" for product "Skype" | 3.1 Search vendor "Skype Technologies" for product "Skype" and version "3.1" | - |
Affected
| ||||||
| Skype Technologies Search vendor "Skype Technologies" | Skype Search vendor "Skype Technologies" for product "Skype" | 3.2 Search vendor "Skype Technologies" for product "Skype" and version "3.2" | - |
Affected
| ||||||
| Skype Technologies Search vendor "Skype Technologies" | Skype Search vendor "Skype Technologies" for product "Skype" | 3.5 Search vendor "Skype Technologies" for product "Skype" and version "3.5" | - |
Affected
| ||||||
| Skype Technologies Search vendor "Skype Technologies" | Skype Search vendor "Skype Technologies" for product "Skype" | 3.6 Search vendor "Skype Technologies" for product "Skype" and version "3.6" | - |
Affected
| ||||||
| Skype Technologies Search vendor "Skype Technologies" | Skype Search vendor "Skype Technologies" for product "Skype" | 3.6.0.244 Search vendor "Skype Technologies" for product "Skype" and version "3.6.0.244" | - |
Affected
| ||||||