CVE-2006-2312

Description

Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

Related CPE's

Could not find any relations

References

http://www.skype.com/security/skype-sb-2006-001.html

18038

20154

Vendor Advisory

VU#466428

US Government Resource

20060521 Skype - URI Handler Command Switch Parsing

25658

ADV-2006-1871

Vendor Advisory

skype-uri-handler-file-access(26557)

20060521 Skype - URI Handler Command Switch Parsing

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:H/Au:N/C:P/I:N/A:N

AccessVector

NETWORK

AccessComplexity

HIGH

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

2.5999999046325684

Created by Yello
About Severity.io