Skype Technologies URI Handler Remote Code Execution

medium Nessus Network Monitor Plugin ID 4531

Synopsis

The remote host may be tricked into running an executable file.

Description

The version of Skype installed on the remote host is vulnerable to a flaw wherein a specially formatted 'file://' URI allows the download and execution of executable files. To exploit this flaw, an attacker would need to coerce a user into browsing to a malicious URI. Successful exploitation would result in the attacker executing arbitrary code.

Solution

Upgrade to Skype release 3.8.0.139.

See Also

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711

Plugin Details

Severity: Medium

ID: 4531

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:skype_technologies:skype

Reference Information

CVE: CVE-2008-1805, CVE-2008-2545

BID: 29553