2.6

CVE-2006-2312

Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SkypeSkype Version < 2.0.0.105
   MicrosoftWindows
SkypeSkype Version >= 2.5.0.0 < 2.5.0.79
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.15% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html
Broken Link
http://secunia.com/advisories/20154
Vendor Advisory
Broken Link
http://www.kb.cert.org/vuls/id/466428
Third Party Advisory
US Government Resource
http://www.osvdb.org/25658
Broken Link
http://www.securityfocus.com/archive/1/434707/30/4860/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/18038
Third Party Advisory
Broken Link
VDB Entry
http://www.skype.com/security/skype-sb-2006-001.html
Broken Link
http://www.vupen.com/english/advisories/2006/1871
Vendor Advisory
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/26557
Third Party Advisory
VDB Entry