Skype Web Content Zone Multiple Field Remote Code Execution (uncredentialed check)

high Nessus Plugin ID 30206

Synopsis

The remote Skype client is affected by a remote code execution issue through the web handler.

Description

The version of Skype installed on the remote host reportedly may allow a remote attacker to execute arbitrary code by enticing the user to retrieve specially crafted web content through the Skype interface.

Solution

Upgrade to Skype release 3.6.0.248 or later.

See Also

http://www.skype.com/security/skype-sb-2008-001-update2.html

http://www.skype.com/security/skype-sb-2008-002.html

http://www.skype.com/security/skype-sb-2008-001-update1.html

Plugin Details

Severity: High

ID: 30206

File Name: skype_2008_001.nasl

Version: 1.17

Type: remote

Agent: windows

Family: Windows

Published: 2/7/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:skype:skype

Required KB Items: Services/skype

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-0454, CVE-2008-0582, CVE-2008-0583

BID: 27338

CWE: 79, 94