Vulnerability Description
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skype Technologies | Skype | 3.1 |
Related Weaknesses (CWE)
References
- http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx
- http://www.kb.cert.org/vuls/id/794236US Government Resource
- http://www.securityfocus.com/archive/1/487370/100/0/threaded
- http://www.securityfocus.com/bid/27338
- http://aviv.raffon.net/2008/01/31/AttackersCanSkypeFindYou.aspx
- http://www.kb.cert.org/vuls/id/794236US Government Resource
- http://www.securityfocus.com/archive/1/487370/100/0/threaded
- http://www.securityfocus.com/bid/27338
FAQ
What is CVE-2008-0582?
CVE-2008-0582 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zo...
How severe is CVE-2008-0582?
CVE-2008-0582 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0582?
Check the references section above for vendor advisories and patch information. Affected products include: Skype Technologies Skype.