CVE-2008-1805

EPSS 1.69%
Veröffentlicht 06.06.2008 22:32:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the blacklist.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Skype Technologies ≫ Skype Version <= 3.8.0.115

Skype Technologies ≫ Skype Version3.0.0.106 Updatebeta

Skype Technologies ≫ Skype Version3.0.0.123 Updatebeta

Skype Technologies ≫ Skype Version3.0.0.137 Updatebeta

Skype Technologies ≫ Skype Version3.0.0.154 Updatebeta

Skype Technologies ≫ Skype Version3.0.0.190

Skype Technologies ≫ Skype Version3.0.0.198

Skype Technologies ≫ Skype Version3.0.0.205

Skype Technologies ≫ Skype Version3.0.0.209

Skype Technologies ≫ Skype Version3.0.0.214

Skype Technologies ≫ Skype Version3.0.0.216

Skype Technologies ≫ Skype Version3.0.0.217

Skype Technologies ≫ Skype Version3.0.0.218

Skype Technologies ≫ Skype Version3.1.0.112 Updatebeta

Skype Technologies ≫ Skype Version3.1.0.134 Updatebeta

Skype Technologies ≫ Skype Version3.1.0.144

Skype Technologies ≫ Skype Version3.1.0.147

Skype Technologies ≫ Skype Version3.1.0.150

Skype Technologies ≫ Skype Version3.1.0.152

Skype Technologies ≫ Skype Version3.2.0.53 Updatebeta

Skype Technologies ≫ Skype Version3.2.0.63 Updatebeta

Skype Technologies ≫ Skype Version3.2.0.82 Updatebeta

Skype Technologies ≫ Skype Version3.2.0.115 Updatebeta

Skype Technologies ≫ Skype Version3.2.0.145

Skype Technologies ≫ Skype Version3.2.0.148

Skype Technologies ≫ Skype Version3.2.0.152

Skype Technologies ≫ Skype Version3.2.0.158

Skype Technologies ≫ Skype Version3.2.0.163

Skype Technologies ≫ Skype Version3.2.0.175

Skype Technologies ≫ Skype Version3.5.0.107 Updatebeta

Skype Technologies ≫ Skype Version3.5.0.158 Updatebeta

Skype Technologies ≫ Skype Version3.5.0.178 Updatebeta

Skype Technologies ≫ Skype Version3.5.0.202

Skype Technologies ≫ Skype Version3.5.0.214

Skype Technologies ≫ Skype Version3.5.0.229

Skype Technologies ≫ Skype Version3.5.0.234

Skype Technologies ≫ Skype Version3.5.0.239

Skype Technologies ≫ Skype Version3.6.0.127 Updatebeta

Skype Technologies ≫ Skype Version3.6.0.159 Updatebeta

Skype Technologies ≫ Skype Version3.6.0.216

Skype Technologies ≫ Skype Version3.6.0.244

Skype Technologies ≫ Skype Version3.6.0.248

Skype Technologies ≫ Skype Version3.8.0.96 Updatebeta

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.69%	0.805

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711

http://secunia.com/advisories/30547

Vendor Advisory

http://www.securityfocus.com/bid/29553

http://www.securitytracker.com/id?1020201

http://www.skype.com/security/skype-sb-2008-003.html

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1749/references

https://nvd.nist.gov/vuln/detail/CVE-2008-1805

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1805

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1805

EUVD