Skype Technologies URI Handler Remote Code Execution

Medium Nessus Network Monitor Plugin ID 4531


The remote host may be tricked into running an executable file


The version of Skype installed on the remote host is vulnerable to a flaw wherein specially formatted 'file://' URI will allow the download and execution of executable files. An attacker, exploiting this flaw, would need to be able to coerce a user into browsing a malicious URI. Successful exploitation would result in the attacker executing arbitrary code.


Upgrade to Skype release

See Also

Plugin Details

Severity: Medium

ID: 4531

File Name: 4531.prm

Published: 2004/08/18

Modified: 2016/01/19

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 5.6

Temporal Score: 5.2


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2008-2545, CVE-2008-1805

BID: 29553

OSVDB: 46010